CVE-2025-36091

Summary

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak For Business Automation25.0.0affected
IBMCloud Pak For Business Automation24.0.1affected
IBMCloud Pak For Business Automation24.0.0affected

Weaknesses

  • CWE-283: CWE-283 Unverified Ownership

Workarounds

Workarounds and Mitigations None.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References