CVE-2025-36023
published 2025-08-08CVE-2025-36023: IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | cloud_pak_for_business_automation | — | — |
| ibm | cloud_pak_for_business_automation | — | — |
| ibm | cloud_pak_for_business_automation | 24.0.0 – 24.0.0 IF005 | — |
| ibm | cloud_pak_for_business_automation | 24.0.1 – 24.0.1 IF002 | — |
| msrc | azl3_kernel_6.6.22.1-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.35.1-5_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_kernel_5.15.158.2-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.180.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |