IBM Cloud Pak for Business Automation security bypass_CVE-2025-36023

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.

Basic Information

ID CVE-2025-36023

Source ibm

Published Aug 8, 2025 at 14:51

Modified Aug 8, 2025 at 15:07

Affected Product

Vendor IBM

Product Cloud Pak for Business Automation

Version 24.0.0

Affected Versions IBM Cloud Pak for Business Automation 24.0.0
IBM Cloud Pak for Business Automation 24.0.1

CWE Classification

CWE-639

References

www.ibm.com /support/pages/node/7241570

{
    "lastseen": "",
    "description": "IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.",
    "published": "2025-08-08T14:51:12.631Z",
    "modified": "2025-08-08T15:07:16.477Z",
    "type": "cve",
    "title": "IBM Cloud Pak for Business Automation security bypass",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7241570",
    "id": "CVE-2025-36023",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "IBM Cloud Pak for Business Automation 24.0.0\nIBM Cloud Pak for Business Automation 24.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cloud Pak for Business Automation",
    "version": "24.0.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}