CVE-2024-49348

Summary

CVE-2024-49348 affects IBM Cloud Pak for Business Automation versions 18.0.0 to 22.0.2. This vulnerability allows unintended access to organizational data due to the ability to reassign comment tasks via API, which implicitly grants access to user queries in unexpected contexts. Users in restricted contexts may gain access to data beyond their authorized scope, posing a significant risk to data security. IBM strongly recommends updating to the latest version to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.