CVELIST:CVE-2024-43188
Sep 18, 2024 - 11:39 a.m.

CVE-2024-43188 IBM Business Automation Workflow improper input validation

2024-09-18 11:39:22
CWE-602
ibm
www.cve.org
ibm business automation workflow
input validation
vulnerability
privileged user
unauthorized activities
client side validation

CVSS3: 4.9

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 16.8%

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Business Automation Workflow",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "22.0.2, 23.0.1, 23.0.2, 24.0.0"
      }
    ]
  }
]
