Lucene search

IbmCVE-2024-31897

HistoryJul 08, 2024 - 3:15 a.m.

CVE-2024-31897

2024-07-0803:15:02

CWE-918

ibm

web.nvd.nist.gov

ibm

cloud pak

business automation

ssrf

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

13.4%

JSON

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.

Affected configurations

Nvd

Vulners

Node

ibmcloud_pak_for_business_automationRange18.0.0–18.0.2

ibmcloud_pak_for_business_automationRange19.0.1–19.0.3

ibmcloud_pak_for_business_automationRange20.0.1–20.0.3

ibmcloud_pak_for_business_automationMatch21.0.1-

ibmcloud_pak_for_business_automationMatch21.0.1interim_fix_001

ibmcloud_pak_for_business_automationMatch21.0.1interim_fix_002

ibmcloud_pak_for_business_automationMatch21.0.1interim_fix_003

ibmcloud_pak_for_business_automationMatch21.0.1interim_fix_004

ibmcloud_pak_for_business_automationMatch21.0.1interim_fix_005

ibmcloud_pak_for_business_automationMatch21.0.1interim_fix_006

ibmcloud_pak_for_business_automationMatch21.0.1interim_fix_007

ibmcloud_pak_for_business_automationMatch21.0.1interim_fix_008

ibmcloud_pak_for_business_automationMatch21.0.3-

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_001

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_002

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_003

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_004

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_005

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_006

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_007

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_008

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_009

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_010

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_011

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_012

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_013

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_014

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_015

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_016

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_017

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_018

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_019

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_020

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_021

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_022

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_023

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_024

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_025

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_026

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_028

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_029

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_030

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_031

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_032

ibmcloud_pak_for_business_automationMatch21.0.3interim_fix_033

ibmcloud_pak_for_business_automationMatch22.0.1-

ibmcloud_pak_for_business_automationMatch22.0.1interim_fix_001

ibmcloud_pak_for_business_automationMatch22.0.1interim_fix_002

ibmcloud_pak_for_business_automationMatch22.0.1interim_fix_003

ibmcloud_pak_for_business_automationMatch22.0.1interim_fix_004

ibmcloud_pak_for_business_automationMatch22.0.1interim_fix_005

ibmcloud_pak_for_business_automationMatch22.0.1interim_fix_006

ibmcloud_pak_for_business_automationMatch22.0.2-

ibmcloud_pak_for_business_automationMatch22.0.2interim_fix_001

ibmcloud_pak_for_business_automationMatch22.0.2interim_fix_002

ibmcloud_pak_for_business_automationMatch22.0.2interim_fix_003

ibmcloud_pak_for_business_automationMatch22.0.2interim_fix_004

ibmcloud_pak_for_business_automationMatch22.0.2interim_fix_005

ibmcloud_pak_for_business_automationMatch22.0.2interim_fix_006

ibmcloud_pak_for_business_automationMatch23.0.1-

ibmcloud_pak_for_business_automationMatch23.0.1interim_fix_001

ibmcloud_pak_for_business_automationMatch23.0.1interim_fix_002

ibmcloud_pak_for_business_automationMatch23.0.1interim_fix_003

ibmcloud_pak_for_business_automationMatch23.0.1interim_fix_004

ibmcloud_pak_for_business_automationMatch23.0.2-

ibmcloud_pak_for_business_automationMatch23.0.2interim_fix_001

ibmcloud_pak_for_business_automationMatch23.0.2interim_fix_002

ibmcloud_pak_for_business_automationMatch23.0.2interim_fix_003

ibmcloud_pak_for_business_automationMatch23.0.2interim_fix_004

ibmcloud_pak_for_business_automationMatch23.0.2interim_fix_005

VendorProductVersionCPE
ibmcloud_pak_for_business_automation*cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*
ibmcloud_pak_for_business_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
ibmcloud_pak_for_business_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_001:*:*:*:*:*:*
ibmcloud_pak_for_business_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_002:*:*:*:*:*:*
ibmcloud_pak_for_business_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_003:*:*:*:*:*:*
ibmcloud_pak_for_business_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_004:*:*:*:*:*:*
ibmcloud_pak_for_business_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_005:*:*:*:*:*:*
ibmcloud_pak_for_business_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_006:*:*:*:*:*:*
ibmcloud_pak_for_business_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_007:*:*:*:*:*:*
ibmcloud_pak_for_business_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_008:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cloud_pak_for_business_automation	*	cpe:2.3:a:ibm:cloud_pak_for_business_automation::::::::
ibm	cloud_pak_for_business_automation	21.0.1	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-::::::
ibm	cloud_pak_for_business_automation	21.0.1	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_001::::::
ibm	cloud_pak_for_business_automation	21.0.1	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_002::::::
ibm	cloud_pak_for_business_automation	21.0.1	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_003::::::
ibm	cloud_pak_for_business_automation	21.0.1	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_004::::::
ibm	cloud_pak_for_business_automation	21.0.1	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_005::::::
ibm	cloud_pak_for_business_automation	21.0.1	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_006::::::
ibm	cloud_pak_for_business_automation	21.0.1	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_007::::::
ibm	cloud_pak_for_business_automation	21.0.1	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_008::::::

Rows per page:

1-10 of 681

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Cloud Pak for Business Automation",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, 23.0.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/288178

www.ibm.com/support/pages/node/7159332

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

13.4%

JSON

Related for CVE-2024-31897