CVE-2025-36436

EPSS 0.01%
Veröffentlicht 02.02.2026 23:15:59
Zuletzt bearbeitet 19.02.2026 13:48:21
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007  is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 16 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Update-

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_001

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_002

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_003

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_004

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_005

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_006

Ibm ≫ Cloud Pak For Business Automation Version24.0.0 Updateinterim_fix_007

Ibm ≫ Cloud Pak For Business Automation Version24.0.1 Update-

Ibm ≫ Cloud Pak For Business Automation Version24.0.1 Updateinterim_fix_001

Ibm ≫ Cloud Pak For Business Automation Version24.0.1 Updateinterim_fix_002

Ibm ≫ Cloud Pak For Business Automation Version24.0.1 Updateinterim_fix_004

Ibm ≫ Cloud Pak For Business Automation Version24.0.1 Updateinterim_fix_005

Ibm ≫ Cloud Pak For Business Automation Version25.0.0 Update-

Ibm ≫ Cloud Pak For Business Automation Version25.0.0 Updateinterim_fix_001

Ibm ≫ Cloud Pak For Business Automation Version25.0.0 Updateinterim_fix_002

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.018

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
psirt@us.ibm.com	6.4	3.1	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.ibm.com/support/pages/node/7259318

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-36436

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-36436

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-36436

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-36436