IBM Cloud Pak for Business Automation
cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*
- >= 24.0.0, <= 24.0.0-IF003
- ~23.0.2
- ~23.0.1
- ~22.0.2
- ~22.0.1
- ~21.0.3
- ~21.0.1
- ~20.0.1
- ~20.0.2
- ~20.0.3
- ~19.0.1
- ~19.0.2
- ~19.0.3
- ~18.0.0
- ~18.0.1
- ~18.0.2
An access control vulnerability has been identified in IBM Cloud Pak for Business Automation versions 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2. This vulnerability allows tasks of type comment to be reassigned via API, implicitly granting access to user queries in an unexpected context. As a result, this could lead to unauthorized access to organizational data.
Exploitation of this vulnerability could result in unauthorized access to user queries, allowing for potential misuse of organizational data.
Users can upgrade to IBM Cloud Pak for Business Automation 21.0.3-IF039 or 24.0.0-IF004. Instructions for downloading these versions are available on the IBM Cloud Pak for Business Automation support page.