What is CVE-2024-49348?

CVE-2024-49348 is a medium-severity vulnerability in Ibm Cloud Pak For Business Automation, classified under Incorrect Privilege Assignment. CVSS score: 4.3/10. Published 2025-02-05.

How severe is CVE-2024-49348?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Privilege escalation in Ibm Cloud Pak For Business Automation

CVE-2024-49348

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that…

EPSS: 0.001 (21.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Ibm Cloud Pak For Business Automation — versions 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2

Weakness classification (CWE)

CWE-266 — Incorrect Privilege Assignment

References

www.ibm.com/support/pages/node/7182403

Frequently asked questions

What is CVE-2024-49348?: CVE-2024-49348 is a medium-severity vulnerability in Ibm Cloud Pak For Business Automation, classified under Incorrect Privilege Assignment. CVSS score: 4.3/10. Published 2025-02-05.
How severe is CVE-2024-49348?: Medium severity. CVSS v3 base score is 4.3 out of 10.