CVE-2025-1838

Medienbericht

EPSS 0.21%
Veröffentlicht 03.05.2025 18:23:26
Zuletzt bearbeitet 14.08.2025 01:53:13
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM Cloud Pak for Business Automation denial of service

IBM Cloud Pak for Business Automation

 24.0.0 and 24.0.1 through 24.0.1 IF001 

Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 8 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Cloud Pak For Business Automation Version24.0.0

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Update-

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_001

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_002

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_003

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_004

Ibm ≫ Cloud Pak For Business Automation Version24.0.1 Update-

Ibm ≫ Cloud Pak For Business Automation Version24.0.1 Updateinterim_fix_001

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.432

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@us.ibm.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

https://www.heise.de/news/Sicherheitsluecken-IBM-Business-Automation-Workflow-kann-Zugangsdaten-leaken-10372911.html

Media Report

https://www.ibm.com/support/pages/node/7232429

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-1838

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1838

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1838

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-1838