7.1
CVE-2025-13096
- EPSS 0.06%
- Veröffentlicht 02.02.2026 23:15:58
- Zuletzt bearbeitet 03.02.2026 16:44:03
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerIBM
≫
Produkt
Business Automation Workflow containers
Version <=
V25.0.0-IF002
Version
V25.0.0
Status
affected
Version <=
V24.0.1-IF005
Version
V24.0.1
Status
affected
Version <=
V24.0.0-IF007
Version
V24.0.0
Status
affected
HerstellerIBM
≫
Produkt
Business Automation Workflow traditional
Version
25.0.0
Status
affected
Version
24.0.1
Status
affected
Version
24.0.0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.179 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.