Lucene search
IbmCVE-2024-38321HistoryAug 03, 2024 - 2:15 p.m.
CVE-2024-38321
2024-08-0314:15:48
CWE-532
ibm
web.nvd.nist.gov
10
ibm business automation workflow
sensitive information
log files
authenticated user
security vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
18.8%
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.
Affected configurations
Node
ibmbusiness_automation_workflowMatch20.0.0.1containers
ORibmbusiness_automation_workflowMatch20.0.0.2containers
ORibmbusiness_automation_workflowMatch21.0.2containers
ORibmbusiness_automation_workflowMatch21.0.3-containers
ORibmbusiness_automation_workflowMatch21.0.3if002containers
ORibmbusiness_automation_workflowMatch21.0.3if005containers
ORibmbusiness_automation_workflowMatch21.0.3if006containers
ORibmbusiness_automation_workflowMatch21.0.3if007containers
ORibmbusiness_automation_workflowMatch21.0.3if008containers
ORibmbusiness_automation_workflowMatch21.0.3if009containers
ORibmbusiness_automation_workflowMatch21.0.3if010containers
ORibmbusiness_automation_workflowMatch21.0.3if011containers
ORibmbusiness_automation_workflowMatch21.0.3if012containers
ORibmbusiness_automation_workflowMatch21.0.3if013containers
ORibmbusiness_automation_workflowMatch21.0.3if014containers
ORibmbusiness_automation_workflowMatch21.0.3if015containers
ORibmbusiness_automation_workflowMatch21.0.3if016containers
ORibmbusiness_automation_workflowMatch21.0.3if017containers
ORibmbusiness_automation_workflowMatch21.0.3if028containers
ORibmbusiness_automation_workflowMatch21.0.3if029containers
ORibmbusiness_automation_workflowMatch21.0.3if030containers
ORibmbusiness_automation_workflowMatch21.0.3if031containers
ORibmbusiness_automation_workflowMatch21.0.3if032containers
ORibmbusiness_automation_workflowMatch21.0.3if033containers
ORibmbusiness_automation_workflowMatch21.0.3if034containers
ORibmbusiness_automation_workflowMatch22.0.1containers
ORibmbusiness_automation_workflowMatch22.0.2containers
ORibmbusiness_automation_workflowMatch23.0.1containers
ORibmbusiness_automation_workflowMatch23.0.2containers
Node
ibmbusiness_automation_workflowRange19.0.0.1–19.0.0.3traditional
ORibmbusiness_automation_workflowRange20.0.0.1–20.0.0.2traditional
ORibmbusiness_automation_workflowRange21.0.1–21.0.3.0traditional
ORibmbusiness_automation_workflowRange22.0.1–22.0.2traditional
ORibmbusiness_automation_workflowRange23.0.1–23.0.2traditional
Node
ibmbusiness_automation_workflowRange23.0.1–23.0.2enterprise_service_bus
ORibmbusiness_automation_workflowMatch22.0.2enterprise_service_bus
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | business_automation_workflow | 20.0.0.1 | cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:containers:*:*:* |
| ibm | business_automation_workflow | 20.0.0.2 | cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:containers:*:*:* |
| ibm | business_automation_workflow | 21.0.2 | cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:containers:*:*:* |
| ibm | business_automation_workflow | 21.0.3 | cpe:2.3:a:ibm:business_automation_workflow:21.0.3:-:*:*:containers:*:*:* |
| ibm | business_automation_workflow | 21.0.3 | cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:containers:*:*:* |
| ibm | business_automation_workflow | 21.0.3 | cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:containers:*:*:* |
| ibm | business_automation_workflow | 21.0.3 | cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:containers:*:*:* |
| ibm | business_automation_workflow | 21.0.3 | cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:containers:*:*:* |
| ibm | business_automation_workflow | 21.0.3 | cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:containers:*:*:* |
| ibm | business_automation_workflow | 21.0.3 | cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:containers:*:*:* |
CNA Affected
[
{
"cpes": [
"cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "22.0.2, 23.0.1, 23.0.2, 24.0.0"
}
]
}
]Related
ibm
ibm
vulnrichment
vulnrichment
CVE-2024-38321 IBM Business Automation Workflow information disclosure
2024-08-03 13:34:16
cvelist
cvelist
CVE-2024-38321 IBM Business Automation Workflow information disclosure
2024-08-03 13:34:16
nvd
nvd
CVE-2024-38321
2024-08-03 14:15:48
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
18.8%
Related for CVE-2024-38321