CVE-2025-36091

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7249999	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_001::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_002::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_003::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_004::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_001::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_002::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_004::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:interim_fix_001::::::

History

05 Nov 2025, 14:51

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-03 16:15

Updated : 2025-11-05 14:51

NVD link : CVE-2025-36091

Mitre link : CVE-2025-36091

CVE.ORG link : CVE-2025-36091

JSON object : View

Products Affected

ibm

cloud_pak_for_business_automation

CWE

CWE-283

Unverified Ownership

{"id": "CVE-2025-36091", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-11-03T16:15:34.413", "references": [{"url": "https://www.ibm.com/support/pages/node/7249999", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-283"}]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment."}], "lastModified": "2025-11-05T14:51:51.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF879B84-21B0-4FD4-AD2E-7F29EBDD218A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "496D1A48-3403-471F-AD07-AEC7E5000AD8"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA215EC3-DDFE-494D-862C-35CA30D9BEDE"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_003:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "969ED94C-DB65-482F-B8B8-251B56DE264D"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_004:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1810412-5987-4F53-A81E-096A4F0187B5"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F68528C5-034B-4B2C-8745-B969B14B52C5"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EADE80E3-4E60-4154-A559-93E2325D799A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01FC35C-29F1-4D57-8804-07A5C1E9EA85"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_004:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D682E4B-DA22-4F88-A38F-76FF080AE0B5"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70431A72-663D-432E-9D94-5BBE380E06AB"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:interim_fix_001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33128B64-7030-4A4E-8EF2-E285AF44F99F"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}