Severity
Medium
Analysis Summary
CVE-2024-38321 CVSS:5.3
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user.
CVE-2024-35143 CVSS:6.7
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database.
Impact
- Gain Access
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-38321
- CVE-2024-35143
Affected Vendors
IBM
Affected Products
- IBM Business Automation Workflow 18.0.0.0
- IBM Business Automation Workflow 18.0.0.1
- IBM Business Automation Workflow 18.0.0.2
- IBM Business Automation Workflow 19.0.0.1
- IBM Business Automation Workflow 19.0.0.2
- IBM Business Automation Workflow 19.0.0.3
- IBM Business Automation Workflow 20.0.0.1
- IBM Business Automation Workflow 20.0.0.2
- IBM Business Automation Workflow 21.0.2
- IBM Business Automation Workflow 22.0.2
- IBM Business Automation Workflow 23.0.1
- IBM Business Automation Workflow 23.0.2
- IBM Planning Analytics Local
- IBM Planning Analytics Local All Versions
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.