Vulnerability Database

296,202

Total vulnerabilities in the database

CVE-2025-36023

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.

  • Published: Aug 8, 2025
  • Updated: Aug 9, 2025
  • CVE: CVE-2025-36023
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
ibm / cloud_pak_for_business_automation 24.0.0 24.0.0.x
ibm / cloud_pak_for_business_automation 24.0.0-interim_fix_001 24.0.0-interim_fix_001.x
ibm / cloud_pak_for_business_automation 24.0.0-interim_fix_004 24.0.0-interim_fix_004.x
ibm / cloud_pak_for_business_automation 24.0.0-interim_fix_005 24.0.0-interim_fix_005.x
ibm / cloud_pak_for_business_automation 24.0.1 24.0.1.x
ibm / cloud_pak_for_business_automation 24.0.1-interim_fix_001 24.0.1-interim_fix_001.x
ibm / cloud_pak_for_business_automation 24.0.1-interim_fix_002 24.0.1-interim_fix_002.x