CVE-2023-40691

CWE-200 — Information Exposure3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.1%

top 84.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK FOR Business Automation

Timeline

PublishedDec 18

Description

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/cloud_pak_for_business_automation18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2

▶NVDibm/cloud_pak10 versions+9

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Cloud Pak for Business Automation information disclosure↗2023-12-18

▶

GHSA

GHSA-v2vm-8pr4-wgpw: IBM Cloud Pak for Business Automation 18↗2023-12-18

▶