CVE-2025-36023

Summary

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak for Business Automation24.0.0 <= 24.0.0 IF005affected
IBMCloud Pak for Business Automation24.0.1 <= 24.0.1 IF002affected

Weaknesses

  • CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References