IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cloud_pak_for_multicloud_management_monitoring | Ibm | 2.0.0 (including) | 2.3.0 (excluding) |
| Cloud_pak_for_multicloud_management_monitoring | Ibm | 2.3.0 (including) | 2.3.0 (including) |
| Cloud_pak_for_multicloud_management_monitoring | Ibm | 2.3.0-fixpack2 (including) | 2.3.0-fixpack2 (including) |
| Cloud_pak_for_multicloud_management_monitoring | Ibm | 2.3.0-fixpack3 (including) | 2.3.0-fixpack3 (including) |
| Cloud_pak_for_multicloud_management_monitoring | Ibm | 2.3.0-fixpack4 (including) | 2.3.0-fixpack4 (including) |
| Cloud_pak_for_multicloud_management_monitoring | Ibm | 2.3.0-fixpack5 (including) | 2.3.0-fixpack5 (including) |