Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Details
CVSS v3
8.2
NVD published
2026-03-19 23:16:41
EPSS
<0.1% probability · 15.4th percentile — 2026-03-30
Affected versions
Not available in our cache.
Summary
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path.
This issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15.
This CVE is similar but not equivalent to CVE-2026-22733, as the conditions for exploit and vulnerable versions are different.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.