CVE-2024-38321

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
Business_automation_workflow	Ibm	20.0.0.1 (including)	20.0.0.1 (including)
Business_automation_workflow	Ibm	20.0.0.2 (including)	20.0.0.2 (including)
Business_automation_workflow	Ibm	21.0.2 (including)	21.0.2 (including)
Business_automation_workflow	Ibm	21.0.3 (including)	21.0.3 (including)
Business_automation_workflow	Ibm	21.0.3-if002 (including)	21.0.3-if002 (including)
Business_automation_workflow	Ibm	21.0.3-if005 (including)	21.0.3-if005 (including)
Business_automation_workflow	Ibm	21.0.3-if006 (including)	21.0.3-if006 (including)
Business_automation_workflow	Ibm	21.0.3-if007 (including)	21.0.3-if007 (including)
Business_automation_workflow	Ibm	21.0.3-if008 (including)	21.0.3-if008 (including)
Business_automation_workflow	Ibm	21.0.3-if009 (including)	21.0.3-if009 (including)
Business_automation_workflow	Ibm	21.0.3-if010 (including)	21.0.3-if010 (including)
Business_automation_workflow	Ibm	21.0.3-if011 (including)	21.0.3-if011 (including)
Business_automation_workflow	Ibm	21.0.3-if012 (including)	21.0.3-if012 (including)
Business_automation_workflow	Ibm	21.0.3-if013 (including)	21.0.3-if013 (including)
Business_automation_workflow	Ibm	21.0.3-if014 (including)	21.0.3-if014 (including)
Business_automation_workflow	Ibm	21.0.3-if015 (including)	21.0.3-if015 (including)
Business_automation_workflow	Ibm	21.0.3-if016 (including)	21.0.3-if016 (including)
Business_automation_workflow	Ibm	21.0.3-if017 (including)	21.0.3-if017 (including)
Business_automation_workflow	Ibm	21.0.3-if028 (including)	21.0.3-if028 (including)
Business_automation_workflow	Ibm	21.0.3-if029 (including)	21.0.3-if029 (including)
Business_automation_workflow	Ibm	21.0.3-if030 (including)	21.0.3-if030 (including)
Business_automation_workflow	Ibm	21.0.3-if031 (including)	21.0.3-if031 (including)
Business_automation_workflow	Ibm	21.0.3-if032 (including)	21.0.3-if032 (including)
Business_automation_workflow	Ibm	21.0.3-if033 (including)	21.0.3-if033 (including)
Business_automation_workflow	Ibm	21.0.3-if034 (including)	21.0.3-if034 (including)
Business_automation_workflow	Ibm	22.0.1 (including)	22.0.1 (including)
Business_automation_workflow	Ibm	22.0.2 (including)	22.0.2 (including)
Business_automation_workflow	Ibm	23.0.1 (including)	23.0.1 (including)
Business_automation_workflow	Ibm	23.0.2 (including)	23.0.2 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-38321
CWE	https://cwe.mitre.org/data/definitions/532.html

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

References

CVE-2024-38321

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References