Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-36023

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.

Published

2025-08-08T15:15:28.087

Last Modified

2025-08-15T18:19:48.543

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	cloud_pak_for_business_automation	24.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.1	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.1	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.1	Yes

References

https://www.ibm.com/support/pages/node/7241570 Vendor Advisory ([email protected])