CVE-2025-36023
BaseFortify
Publication date: 2025-08-08
Last updated on: 2025-08-15
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | cloud_pak_for_business_automation | 24.0.0 |
| ibm | cloud_pak_for_business_automation | 24.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Cloud Pak for Business Automation versions 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 allows an authenticated user to view sensitive user and system information. This happens due to an indirect object reference vulnerability where a user-controlled key is used to access information that should be restricted.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an authenticated user to access sensitive user and system information that they should not be able to see. This could lead to unauthorized disclosure of confidential data, potentially compromising privacy and security.