CVE-2023-38367: IBM Cloud Pak for Automation authentication bypass
First published: Fri Jul 28 2023(Updated: )
IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Business Automation | <=V23.0.1 | |
| IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF022 | |
| IBM Cloud Pak for Business Automation | <=V22.0.2 - V22.0.2-IF006 and later fixesV22.0.1 - V22.0.1-IF006 and later fixesV21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes | |
| IBM Cloud Pak for Business Automation | =18.0.0 | |
| IBM Cloud Pak for Business Automation | =18.0.1 | |
| IBM Cloud Pak for Business Automation | =18.0.2 | |
| IBM Cloud Pak for Business Automation | =19.0.1 | |
| IBM Cloud Pak for Business Automation | =19.0.2 | |
| IBM Cloud Pak for Business Automation | =19.0.3 | |
| IBM Cloud Pak for Business Automation | =20.0.1 | |
| IBM Cloud Pak for Business Automation | =20.0.2 | |
| IBM Cloud Pak for Business Automation | =20.0.3 | |
| IBM Cloud Pak for Business Automation | =21.0.1 | |
| IBM Cloud Pak for Business Automation | =21.0.1-interim_fix_001 | |
| IBM Cloud Pak for Business Automation | =21.0.1-interim_fix_002 | |
| IBM Cloud Pak for Business Automation | =21.0.1-interim_fix_003 | |
| IBM Cloud Pak for Business Automation | =21.0.1-interim_fix_004 | |
| IBM Cloud Pak for Business Automation | =21.0.1-interim_fix_005 | |
| IBM Cloud Pak for Business Automation | =21.0.1-interim_fix_006 | |
| IBM Cloud Pak for Business Automation | =21.0.1-interim_fix_007 | |
| IBM Cloud Pak for Business Automation | =21.0.2 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_001 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_0012 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_002 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_003 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_004 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_005 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_006 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_007 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_008 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_009 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_010 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_011 | |
| IBM Cloud Pak for Business Automation | =21.0.2-interim_fix_012 | |
| IBM Cloud Pak for Business Automation | =21.0.3 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_001 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_002 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_003 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_004 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_005 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_006 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_007 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_008 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_009 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_010 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_011 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_012 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_013 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_014 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_015 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_016 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_017 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_018 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_019 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_020 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_021 | |
| IBM Cloud Pak for Business Automation | =21.0.3-interim_fix_022 | |
| IBM Cloud Pak for Business Automation | =22.0.1 | |
| IBM Cloud Pak for Business Automation | =22.0.1-interim_fix_001 | |
| IBM Cloud Pak for Business Automation | =22.0.1-interim_fix_002 | |
| IBM Cloud Pak for Business Automation | =22.0.1-interim_fix_003 | |
| IBM Cloud Pak for Business Automation | =22.0.1-interim_fix_004 | |
| IBM Cloud Pak for Business Automation | =22.0.1-interim_fix_005 | |
| IBM Cloud Pak for Business Automation | =22.0.1-interim_fix_006 | |
| IBM Cloud Pak for Business Automation | =22.0.2 | |
| IBM Cloud Pak for Business Automation | =22.0.2-interim_fix_001 | |
| IBM Cloud Pak for Business Automation | =22.0.2-interim_fix_002 | |
| IBM Cloud Pak for Business Automation | =22.0.2-interim_fix_003 | |
| IBM Cloud Pak for Business Automation | =22.0.2-interim_fix_004 | |
| IBM Cloud Pak for Business Automation | =22.0.2-interim_fix_005 | |
| IBM Cloud Pak for Business Automation | =22.0.2-interim_fix_006 | |
| IBM Cloud Pak for Business Automation | =23.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/trending
- vendor/ibm
- canonical/ibm cloud pak for business automation
- version/ibm cloud pak for business automation/v23.0.1
- version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if022
- version/ibm cloud pak for business automation/v22.0.2 - v22.0.2-if006 and later fixesv22.0.1 - v22.0.1-if006 and later fixesv21.0.2 - v21.0.2-if012 and later fixesv21.0.1 - v21.0.1-if007 and later fixesv20.0.1 - v20.0.3 and later fixesv19.0.1 - v19.0.3 and later fixesv18.0.0 - v18.0.2 and later fixes
- version/ibm cloud pak for business automation/18.0.0
- version/ibm cloud pak for business automation/18.0.1
- version/ibm cloud pak for business automation/18.0.2
- version/ibm cloud pak for business automation/19.0.1
- version/ibm cloud pak for business automation/19.0.2
- version/ibm cloud pak for business automation/19.0.3
- version/ibm cloud pak for business automation/20.0.1
- version/ibm cloud pak for business automation/20.0.2
- version/ibm cloud pak for business automation/20.0.3
- version/ibm cloud pak for business automation/21.0.1
- version/ibm cloud pak for business automation/21.0.1-interim_fix_001
- version/ibm cloud pak for business automation/21.0.1-interim_fix_002
- version/ibm cloud pak for business automation/21.0.1-interim_fix_003
- version/ibm cloud pak for business automation/21.0.1-interim_fix_004
- version/ibm cloud pak for business automation/21.0.1-interim_fix_005
- version/ibm cloud pak for business automation/21.0.1-interim_fix_006
- version/ibm cloud pak for business automation/21.0.1-interim_fix_007
- version/ibm cloud pak for business automation/21.0.2
- version/ibm cloud pak for business automation/21.0.2-interim_fix_001
- version/ibm cloud pak for business automation/21.0.2-interim_fix_0012
- version/ibm cloud pak for business automation/21.0.2-interim_fix_002
- version/ibm cloud pak for business automation/21.0.2-interim_fix_003
- version/ibm cloud pak for business automation/21.0.2-interim_fix_004
- version/ibm cloud pak for business automation/21.0.2-interim_fix_005
- version/ibm cloud pak for business automation/21.0.2-interim_fix_006
- version/ibm cloud pak for business automation/21.0.2-interim_fix_007
- version/ibm cloud pak for business automation/21.0.2-interim_fix_008
- version/ibm cloud pak for business automation/21.0.2-interim_fix_009
- version/ibm cloud pak for business automation/21.0.2-interim_fix_010
- version/ibm cloud pak for business automation/21.0.2-interim_fix_011
- version/ibm cloud pak for business automation/21.0.2-interim_fix_012
- version/ibm cloud pak for business automation/21.0.3
- version/ibm cloud pak for business automation/21.0.3-interim_fix_001
- version/ibm cloud pak for business automation/21.0.3-interim_fix_002
- version/ibm cloud pak for business automation/21.0.3-interim_fix_003
- version/ibm cloud pak for business automation/21.0.3-interim_fix_004
- version/ibm cloud pak for business automation/21.0.3-interim_fix_005
- version/ibm cloud pak for business automation/21.0.3-interim_fix_006
- version/ibm cloud pak for business automation/21.0.3-interim_fix_007
- version/ibm cloud pak for business automation/21.0.3-interim_fix_008
- version/ibm cloud pak for business automation/21.0.3-interim_fix_009
- version/ibm cloud pak for business automation/21.0.3-interim_fix_010
- version/ibm cloud pak for business automation/21.0.3-interim_fix_011
- version/ibm cloud pak for business automation/21.0.3-interim_fix_012
- version/ibm cloud pak for business automation/21.0.3-interim_fix_013
- version/ibm cloud pak for business automation/21.0.3-interim_fix_014
- version/ibm cloud pak for business automation/21.0.3-interim_fix_015
- version/ibm cloud pak for business automation/21.0.3-interim_fix_016
- version/ibm cloud pak for business automation/21.0.3-interim_fix_017
- version/ibm cloud pak for business automation/21.0.3-interim_fix_018
- version/ibm cloud pak for business automation/21.0.3-interim_fix_019
- version/ibm cloud pak for business automation/21.0.3-interim_fix_020
- version/ibm cloud pak for business automation/21.0.3-interim_fix_021
- version/ibm cloud pak for business automation/21.0.3-interim_fix_022
- version/ibm cloud pak for business automation/22.0.1
- version/ibm cloud pak for business automation/22.0.1-interim_fix_001
- version/ibm cloud pak for business automation/22.0.1-interim_fix_002
- version/ibm cloud pak for business automation/22.0.1-interim_fix_003
- version/ibm cloud pak for business automation/22.0.1-interim_fix_004
- version/ibm cloud pak for business automation/22.0.1-interim_fix_005
- version/ibm cloud pak for business automation/22.0.1-interim_fix_006
- version/ibm cloud pak for business automation/22.0.2
- version/ibm cloud pak for business automation/22.0.2-interim_fix_001
- version/ibm cloud pak for business automation/22.0.2-interim_fix_002
- version/ibm cloud pak for business automation/22.0.2-interim_fix_003
- version/ibm cloud pak for business automation/22.0.2-interim_fix_004
- version/ibm cloud pak for business automation/22.0.2-interim_fix_005
- version/ibm cloud pak for business automation/22.0.2-interim_fix_006
- version/ibm cloud pak for business automation/23.0.1