CVE-2024-38321

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.

Published: Aug 3, 2024
Updated: May 4, 2025
CVE: CVE-2024-38321
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
ibm / business_automation_workflow	21.0.3-if011	21.0.3-if011.x
ibm / business_automation_workflow	21.0.3-if010	21.0.3-if010.x
ibm / business_automation_workflow	21.0.3-if009	21.0.3-if009.x
ibm / business_automation_workflow	21.0.3-if008	21.0.3-if008.x
ibm / business_automation_workflow	21.0.3-if007	21.0.3-if007.x
ibm / business_automation_workflow	21.0.3-if006	21.0.3-if006.x
ibm / business_automation_workflow	21.0.2	21.0.2.x
ibm / business_automation_workflow	20.0.0.1	20.0.0.1.x
ibm / business_automation_workflow	20.0.0.2	20.0.0.2.x
ibm / business_automation_workflow	21.0.3-if002	21.0.3-if002.x
ibm / business_automation_workflow	21.0.3-if005	21.0.3-if005.x
ibm / business_automation_workflow	21.0.3-if012	21.0.3-if012.x
ibm / business_automation_workflow	21.0.3-if013	21.0.3-if013.x
ibm / business_automation_workflow	21.0.3-if014	21.0.3-if014.x
ibm / business_automation_workflow	21.0.3-if015	21.0.3-if015.x
ibm / business_automation_workflow	21.0.3-if016	21.0.3-if016.x
ibm / business_automation_workflow	22.0.1	22.0.1.x
ibm / business_automation_workflow	22.0.2	22.0.2.x
ibm / business_automation_workflow	21.0.3	21.0.3.x
ibm / business_automation_workflow	21.0.3-if017	21.0.3-if017.x
ibm / business_automation_workflow	21.0.3-if028	21.0.3-if028.x
ibm / business_automation_workflow	21.0.3-if029	21.0.3-if029.x
ibm / business_automation_workflow	21.0.3-if030	21.0.3-if030.x
ibm / business_automation_workflow	21.0.3-if031	21.0.3-if031.x
ibm / business_automation_workflow	21.0.3-if032	21.0.3-if032.x
ibm / business_automation_workflow	21.0.3-if033	21.0.3-if033.x
ibm / business_automation_workflow	21.0.3-if034	21.0.3-if034.x
ibm / business_automation_workflow	23.0.1	23.0.1.x
ibm / business_automation_workflow	23.0.2	23.0.2.x
ibm / business_automation_workflow	19.0.0.1	19.0.0.3.x
ibm / business_automation_workflow	23.0.1	23.0.2.x
ibm / business_automation_workflow	22.0.1	22.0.2.x
ibm / business_automation_workflow	21.0.1	21.0.3.0.x
ibm / business_automation_workflow	20.0.0.1	20.0.0.2.x

Vulnerability Database

300,425

CVE-2024-38321

Deep Security Visibility Without the Complexity