CVE-2023-38367: IBM Cloud Pak for Automation authentication bypass

First published: Fri Jul 28 2023(Updated: )

IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.

Credit: psirt@us.ibm.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/mitre-cve
• source/MITRE
• agent/title
• agent/references
• agent/type
• agent/description
• agent/first-publish-date
• agent/softwarecombine
• collector/ibm-support
• source/IBM
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• collector/nvd-api
• source/NVD
• agent/severity
• agent/author
• agent/last-modified-date
• agent/tags
• agent/event
• vendor/ibm
• canonical/ibm cloud pak for business automation
• version/ibm cloud pak for business automation/v23.0.1
• version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if022
• version/ibm cloud pak for business automation/v22.0.2 - v22.0.2-if006 and later fixesv22.0.1 - v22.0.1-if006 and later fixesv21.0.2 - v21.0.2-if012 and later fixesv21.0.1 - v21.0.1-if007 and later fixesv20.0.1 - v20.0.3 and later fixesv19.0.1 - v19.0.3 and later fixesv18.0.0 - v18.0.2 and later fixes