CVE-2023-38367: IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2…

medium6.5CVSS 3.1

AVNACLPRNUINSUCLILAN

IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
ibm	cloud_pak_for_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—