6.4
CVE-2025-36436
- EPSS 0.01%
- Veröffentlicht 02.02.2026 23:15:59
- Zuletzt bearbeitet 03.02.2026 16:44:03
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerIBM
≫
Produkt
Cloud Pak for Business Automation
Version <=
25.0.0 Interim Fix 002
Version
25.0.0
Status
affected
Version <=
24.0.1 Interim Fix 005
Version
24.0.1
Status
affected
Version <=
24.0.0 Interim Fix 007
Version
24.0.0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.007 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 6.4 | 3.1 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.