CVE-2025-36023

Published: Aug 8, 2025Modified: Aug 15, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: psirt@us.ibm.com (Secondary)

Description

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.

Affected (7)

Products: Ibm: Cloud Pak For Business Automation

Ibm

1 product

Cloud Pak For Business Automation

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Ibm Cloud Pak For Business Automation	Version 24.0.0
Ibm Cloud Pak For Business Automation	Version 24.0.0 interim_fix_001
Ibm Cloud Pak For Business Automation	Version 24.0.0 interim_fix_004
Ibm Cloud Pak For Business Automation	Version 24.0.0 interim_fix_005
Ibm Cloud Pak For Business Automation	Version 24.0.1
Ibm Cloud Pak For Business Automation	Version 24.0.1 interim_fix_001
Ibm Cloud Pak For Business Automation	Version 24.0.1 interim_fix_002

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://www.ibm.com/support/pages/node/7241570

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.