CVE-2025-1838 | THREATINT

Description

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.

PUBLISHED Reserved 2025-03-02 | Published 2025-05-03 | Updated 2025-08-28 | Assigner ibm

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-602 Client-Side Enforcement of Server-Side Security

Product status

Default status

unaffected

24.0.1 (semver)

affected

24.0.0 (semver)

affected

References

www.ibm.com/support/pages/node/7232429 vendor-advisory patch

cve.org (CVE-2025-1838)

nvd.nist.gov (CVE-2025-1838)

Download JSON