CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
16.8%
IBM Business Automation Workflow Center is vulnerable because of insufficient user input validation.
CVEID:CVE-2024-43188
**DESCRIPTION:**IBM Business Automation Workflow could allow a privileged user to perform unauthorized activities due to improper client side validation.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/351386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) | Status |
---|---|---|
IBM Business Automation Workflow traditional | V24.0.0 | |
V23.0.1 - V23.0.2 | ||
V22.0.1 - V22.0.2 | ||
V21.0.1 - V21.0.3.1 | ||
V20.0.0.1 - V20.0.0.2 | ||
V19.0.0.1 - V19.0.0.3 | ||
V18.0.0.1 - V18.0.0.3 | affected |
For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.
The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR DT392433 as soon as practical.
Affected Product(s) | Version(s) | Remediation / Fix |
---|---|---|
IBM Business Automation Workflow traditional | V24.0.0 | Apply DT392433 |
IBM Business Automation Workflow traditional | V21.0.3.1 | Apply DT392433 |
IBM Business Automation Workflow traditional |
V23.0.1 - V23.0.2
V22.0.1 - V22.0.2
V21.0.1 - V21.0.3.0
V20.0.0.1 - V20.0.0.2
V19.0.0.1 - V19.0.0.3
V18.0.0.1 - V18.0.0.3
| Upgrade to a long term support release or the latest SSCD version. See IBM Business Automation Workflow and IBM Integration Designer Software Support Lifecycle Addendum
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | business_automation_workflow | 22.0.2 | cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:enterprise_service_bus:*:*:* |
ibm | business_automation_workflow | 23.0.1 | cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:enterprise_service_bus:*:*:* |
ibm | business_automation_workflow | 23.0.2 | cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:enterprise_service_bus:*:*:* |
ibm | business_automation_workflow | 24.0.0 | cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:enterprise_service_bus:*:*:* |
ibm | business_automation_workflow | 18.0.0.0 | cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:* |
ibm | business_automation_workflow | 18.0.0.1 | cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:* |
ibm | business_automation_workflow | 18.0.0.2 | cpe:2.3:a:ibm:business_automation_workflow:18.0.0.2:*:*:*:*:*:*:* |
ibm | business_automation_workflow | 19.0.0.1 | cpe:2.3:a:ibm:business_automation_workflow:19.0.0.1:*:*:*:*:*:*:* |
ibm | business_automation_workflow | 19.0.0.2 | cpe:2.3:a:ibm:business_automation_workflow:19.0.0.2:*:*:*:*:*:*:* |
ibm | business_automation_workflow | 19.0.0.3 | cpe:2.3:a:ibm:business_automation_workflow:19.0.0.3:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
16.8%