VYPR
Unrated severityNVD Advisory· Published Feb 5, 2025· Updated Feb 22, 2025

IBM Cloud Pak for Business Automation incorrect privilege assignment

CVE-2024-49348

Description

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2

allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • >=18.0.0, <=22.0.2+ 1 more
    • (no CPE)range: >=18.0.0, <=22.0.2
    • (no CPE)range: 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.