Improper Client Side Validation in IBM Business Automation Workflow
CVE-2024-43188

4.9MEDIUM

Key Information:

Vendor: IBM
Status: Business Automation Workflow
Vendor: CVE Published:; 18 September 2024

What is CVE-2024-43188?

IBM Business Automation Workflow versions 22.0.2, 23.0.1, 23.0.2, and 24.0.0 are susceptible to an implementation flaw where improper client side validation can allow a privileged user to execute unauthorized actions within the application. This weakness may be exploited to access or modify sensitive information, compromising the integrity of the system. Users are advised to apply necessary updates and adhere to best security practices to mitigate potential risks.

References

https://www.ibm.com/support/pages/node/7168769

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024