CVE-2024-43188

EUVD-2024-40098
IBM Business Automation Workflow 

22.0.2, 23.0.1, 23.0.2, and 24.0.0

could allow a privileged user to perform unauthorized activities due to improper client side validation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
ibmCNA
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
ibmbusiness_automation_workflow
18.0.0.1 ≤
𝑥
≤ 18.0.0.3
ibmbusiness_automation_workflow
19.0.0.1 ≤
𝑥
≤ 19.0.0.3
ibmbusiness_automation_workflow
21.0.1 ≤
𝑥
≤ 21.0.3.1
ibmbusiness_automation_workflow
20.0.0.1
ibmbusiness_automation_workflow
20.0.0.2
ibmbusiness_automation_workflow
22.0.1
ibmbusiness_automation_workflow
22.0.2
ibmbusiness_automation_workflow
23.0.1
ibmbusiness_automation_workflow
23.0.2
ibmbusiness_automation_workflow
24.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7168769