Vulnerability Details CVE-2024-49348
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2
allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.1%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2024-49348
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1
-
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2