Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/02/07 6:19 p.m.13 views

CVE-2024-49348

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

4.3CVSS4.5AI score0.00247EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 4:31 p.m.19 views

Security Bulletin: Weak authorization IBM Business Automation Workflow - CVE-2024-49348

Summary IBM Business Automation Workflow is vulnerable may return sensitive information in unexpected scenarios. Vulnerability Details CVEID:CVE-2024-49348 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2,...

6.5CVSS6.2AI score0.00247EPSS
Exploits0Affected Software2
NVD
NVD
added 2025/02/05 12:15 p.m.19 views

CVE-2024-49348

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

6.5CVSS0.00247EPSS
Exploits0References1
Circl
Circl
added 2025/02/05 11:34 a.m.10 views

CVE-2024-49348

creationtimestamp| type| source ---|---|--- 2025-02-05 11:34:57+00:00| seen| https://infosec.exchange/users/cve/statuses/113951067139075642 2025-02-05 12:16:05+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhgkfgvy3r2j 2025-02-05 14:58:14+00:00| seen|...

6.5CVSS5.3AI score0.00247EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/02/05 11:30 a.m.14 views

CVE-2024-49348 IBM Cloud Pak for Business Automation incorrect privilege assignment

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

4.3CVSS4.6AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/05 11:30 a.m.33 views

CVE-2024-49348 IBM Cloud Pak for Business Automation incorrect privilege assignment

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

4.3CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2025/02/05 11:30 a.m.89 views

CVE-2024-49348

CVE-2024-49348 affects IBM Cloud Pak for Business Automation (versions 18.0.0 through 22.0.2). The issue is described as an incorrect privilege assignment that can restrict access to organizational data to valid contexts, with the root cause being that tasks of type comment can be reassigned via ...

6.5CVSS6.7AI score0.00247EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder