CVE-2024-49348

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-266
View all →

Vulnerability Description

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.

Related Vulnerabilities

CVE-2020-14318

MEDIUM
CVSS:4.3(Medium)

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be un...

CWE-2662020

CVE-2021-1303

MEDIUM
CVSS:4.3(Medium)

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to impro...

CWE-2662021

CVE-2021-1416

MEDIUM
CVSS:4.3(Medium)

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to imp...

CWE-2662021

CVE-2021-36097

MEDIUM
CVSS:4.3(Medium)

Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue af...

CWE-2662021

CVE-2024-11486

MEDIUM
CVSS:4.3(Medium)

A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the co...

CWE-2662024

CVE-2024-50701

MEDIUM
CVSS:4.3(Medium)

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.

CWE-2662024