CVE-2024-49348

{"id": "CVE-2024-49348", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-02-05T12:15:28.570", "references": [{"url": "https://www.ibm.com/support/pages/node/7182403", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Business Automation\u00a018.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 \n\n\n\nallows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context."}, {"lang": "es", "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1 y 22.0.2 permiten restringir el acceso a los datos de la organizaci\u00f3n a contextos v\u00e1lidos. El hecho de que las tareas de tipo comentario se puedan reasignar a trav\u00e9s de la API otorga impl\u00edcitamente acceso a las consultas de los usuarios en un contexto inesperado."}], "lastModified": "2025-08-12T16:36:42.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D419EF8-4D41-4FBE-A41B-9F9EAF7F72EE"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C27956AA-CCEE-4073-A8D7-D1B9575EE25C"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12A70646-ADD3-4CF7-A591-8BE96FBEF5A9"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF6CB2C4-800F-487A-B0E5-8A0A9718549D"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D52711AA-0F11-47E7-8EE8-6B8D65403F8A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE2C6F84-C83F-4AE1-B0A7-740568F52C04"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC8A641D-B7AB-41FA-AFDB-2C8EBDA6A1A7"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "250AC4D5-1D25-4EEE-B1CA-AA8E104BBF7B"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C5B7FA4-A27C-40CA-AA53-183909D18C13"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF7E2601-47E6-4111-9DE0-C3C01705884A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA799229-3577-409F-BFCC-0ABA541EA710"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8D6EB68-3804-494D-B12A-2E96E31D1B1A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F22E2017-86A6-4CD1-8192-7A5DF0A1D818"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "517C5EDE-5104-4E22-B9C6-64DFBA7650C3"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}