{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1838", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-02T14:31:16.519Z", "datePublished": "2025-05-03T18:23:26.127Z", "dateUpdated": "2025-05-05T14:57:15.676Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Cloud Pak for Business Automation", "vendor": "IBM", "versions": [{"lessThanOrEqual": "24.0.1 IF001", "status": "affected", "version": "24.0.1", "versionType": "semver"}, {"lessThanOrEqual": "24.0.0 IF004", "status": "affected", "version": "24.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cloud Pak for Business Automation</span>\n\n 24.0.0 and 24.0.1 through 24.0.1 IF001 \n\n<span style=\"background-color: rgb(255, 255, 255);\">Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.</span>"}], "value": "IBM Cloud Pak for Business Automation\n\n 24.0.0 and 24.0.1 through 24.0.1 IF001 \n\nAuthoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-602", "description": "CWE-602 Client-Side Enforcement of Server-Side Security", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-05-03T18:23:26.127Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7232429"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Cloud Pak for Business Automation V24.0.1 - V24.0.1-IF001 Apply security fix 24.0.1-IF002<br>IBM Cloud Pak for Business Automation V24.0.0 - V24.0.1-IF004 Upgrade and apply security fix 24.0.0-IF005"}], "value": "IBM Cloud Pak for Business Automation V24.0.1 - V24.0.1-IF001 Apply security fix 24.0.1-IF002\nIBM Cloud Pak for Business Automation V24.0.0 - V24.0.1-IF004 Upgrade and apply security fix 24.0.0-IF005"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Cloud Pak for Business Automation denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-05T14:40:22.215378Z", "id": "CVE-2025-1838", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T14:57:15.676Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1838", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-05T14:40:22.215378Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T14:40:23.712Z"}}], "cna": {"title": "IBM Cloud Pak for Business Automation denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*"], "vendor": "IBM", "product": "Cloud Pak for Business Automation", "versions": [{"status": "affected", "version": "24.0.1", "versionType": "semver", "lessThanOrEqual": "24.0.1 IF001"}, {"status": "affected", "version": "24.0.0", "versionType": "semver", "lessThanOrEqual": "24.0.0 IF004"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM Cloud Pak for Business Automation V24.0.1 - V24.0.1-IF001 Apply security fix 24.0.1-IF002\nIBM Cloud Pak for Business Automation V24.0.0 - V24.0.1-IF004 Upgrade and apply security fix 24.0.0-IF005", "supportingMedia": [{"type": "text/html", "value": "IBM Cloud Pak for Business Automation V24.0.1 - V24.0.1-IF001 Apply security fix 24.0.1-IF002<br>IBM Cloud Pak for Business Automation V24.0.0 - V24.0.1-IF004 Upgrade and apply security fix 24.0.0-IF005", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7232429", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Business Automation\n\n 24.0.0 and 24.0.1 through 24.0.1 IF001 \n\nAuthoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cloud Pak for Business Automation</span>\n\n 24.0.0 and 24.0.1 through 24.0.1 IF001 \n\n<span style=\"background-color: rgb(255, 255, 255);\">Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-602", "description": "CWE-602 Client-Side Enforcement of Server-Side Security"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-05-03T18:23:26.127Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1838", "state": "PUBLISHED", "dateUpdated": "2025-05-05T14:57:15.676Z", "dateReserved": "2025-03-02T14:31:16.519Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-05-03T18:23:26.127Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Business Automation\n\n 24.0.0 and 24.0.1 through 24.0.1 IF001 \n\nAuthoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service."}, {"lang": "es", "value": "IBM Cloud Pak for Business Automation 24.0.0 y 24.0.1 a 24.0.1 IF001 La creaci\u00f3n permite que un usuario autenticado omita la validaci\u00f3n de datos del lado del cliente en una interfaz de usuario de creaci\u00f3n, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2025-1838", "lastModified": "2025-05-05T20:54:19.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-05-03T19:15:48.607", "references": [{"source": "[email protected]", "url": "https://www.ibm.com/support/pages/node/7232429"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-602"}], "source": "[email protected]", "type": "Primary"}]}

{}