CVE-2024-49348

EUVD-2024-43568
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 



allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
ibmcloud_pak_for_business_automation
18.0.0
ibmcloud_pak_for_business_automation
18.0.1
ibmcloud_pak_for_business_automation
18.0.2
ibmcloud_pak_for_business_automation
19.0.1
ibmcloud_pak_for_business_automation
19.0.2
ibmcloud_pak_for_business_automation
19.0.3
ibmcloud_pak_for_business_automation
20.0.1
ibmcloud_pak_for_business_automation
20.0.2
ibmcloud_pak_for_business_automation
20.0.3
ibmcloud_pak_for_business_automation
21.0.1
ibmcloud_pak_for_business_automation
21.0.2
ibmcloud_pak_for_business_automation
21.0.3
ibmcloud_pak_for_business_automation
22.0.1
ibmcloud_pak_for_business_automation
22.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7182403