← Back

CVE-2024-31897

nvd nist
Published: Jul 8, 2024Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.

Affected (70)

Ibm
1 product
Cloud Pak For Business Automation
Configuration A
70 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Cloud Pak For Business Automation
From 18.0.0 to 18.0.2
Cloud Pak For Business Automation
From 19.0.1 to 19.0.3
Cloud Pak For Business Automation
From 20.0.1 to 20.0.3
Cloud Pak For Business Automation
Version 21.0.1
Cloud Pak For Business Automation
Version 21.0.1 interim_fix_001
Cloud Pak For Business Automation
Version 21.0.1 interim_fix_002
Cloud Pak For Business Automation
Version 21.0.1 interim_fix_003
Cloud Pak For Business Automation
Version 21.0.1 interim_fix_004
Cloud Pak For Business Automation
Version 21.0.1 interim_fix_005
Cloud Pak For Business Automation
Version 21.0.1 interim_fix_006
Cloud Pak For Business Automation
Version 21.0.1 interim_fix_007
Cloud Pak For Business Automation
Version 21.0.1 interim_fix_008
Cloud Pak For Business Automation
Version 21.0.3
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_001
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_002
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_003
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_004
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_005
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_006
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_007
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_008
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_009
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_010
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_011
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_012
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_013
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_014
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_015
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_016
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_017
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_018
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_019
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_020
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_021
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_022
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_023
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_024
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_025
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_026
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_028
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_029
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_030
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_031
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_032
Cloud Pak For Business Automation
Version 21.0.3 interim_fix_033
Cloud Pak For Business Automation
Version 22.0.1
Cloud Pak For Business Automation
Version 22.0.1 interim_fix_001
Cloud Pak For Business Automation
Version 22.0.1 interim_fix_002
Cloud Pak For Business Automation
Version 22.0.1 interim_fix_003
Cloud Pak For Business Automation
Version 22.0.1 interim_fix_004
Cloud Pak For Business Automation
Version 22.0.1 interim_fix_005
Cloud Pak For Business Automation
Version 22.0.1 interim_fix_006
Cloud Pak For Business Automation
Version 22.0.2
Cloud Pak For Business Automation
Version 22.0.2 interim_fix_001
Cloud Pak For Business Automation
Version 22.0.2 interim_fix_002
Cloud Pak For Business Automation
Version 22.0.2 interim_fix_003
Cloud Pak For Business Automation
Version 22.0.2 interim_fix_004
Cloud Pak For Business Automation
Version 22.0.2 interim_fix_005
Cloud Pak For Business Automation
Version 22.0.2 interim_fix_006
Cloud Pak For Business Automation
Version 23.0.1
Cloud Pak For Business Automation
Version 23.0.1 interim_fix_001
Cloud Pak For Business Automation
Version 23.0.1 interim_fix_002
Cloud Pak For Business Automation
Version 23.0.1 interim_fix_003
Cloud Pak For Business Automation
Version 23.0.1 interim_fix_004
Cloud Pak For Business Automation
Version 23.0.2
Cloud Pak For Business Automation
Version 23.0.2 interim_fix_001
Cloud Pak For Business Automation
Version 23.0.2 interim_fix_002
Cloud Pak For Business Automation
Version 23.0.2 interim_fix_003
Cloud Pak For Business Automation
Version 23.0.2 interim_fix_004
Cloud Pak For Business Automation
Version 23.0.2 interim_fix_005

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.