Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-36091

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.

Published

2025-11-03T16:15:34.413

Last Modified

2025-11-05T14:51:51.157

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-283

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	cloud_pak_for_business_automation	24.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.1	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.1	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.1	Yes
Application	ibm	cloud_pak_for_business_automation	24.0.1	Yes
Application	ibm	cloud_pak_for_business_automation	25.0.0	Yes
Application	ibm	cloud_pak_for_business_automation	25.0.0	Yes

References

https://www.ibm.com/support/pages/node/7249999 Vendor Advisory ([email protected])