Ibm

Cloud Pak For Business Automation

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-36172

  • EPSS 0.03%
  • Veröffentlicht 03.11.2025 21:18:09
  • Zuletzt bearbeitet 05.11.2025 18:42:42

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM Business Automation Workflow is vulnerable to stored cross...

7.4

CVE-2025-36093

  • EPSS 0.04%
  • Veröffentlicht 03.11.2025 15:54:30
  • Zuletzt bearbeitet 05.11.2025 15:07:16

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.

6.5

CVE-2025-36092

  • EPSS 0.06%
  • Veröffentlicht 03.11.2025 15:15:43
  • Zuletzt bearbeitet 05.11.2025 14:58:19

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length.

4.3

CVE-2025-36091

  • EPSS 0.05%
  • Veröffentlicht 03.11.2025 15:14:02
  • Zuletzt bearbeitet 05.11.2025 14:51:51

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.

6.5

CVE-2025-36023

  • EPSS 0.05%
  • Veröffentlicht 08.08.2025 14:51:12
  • Zuletzt bearbeitet 15.08.2025 18:19:48

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.

6.5

CVE-2025-1838

Medienbericht
  • EPSS 0.07%
  • Veröffentlicht 03.05.2025 18:23:26
  • Zuletzt bearbeitet 14.08.2025 01:53:13

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.

4.3

CVE-2025-1495

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 03.05.2025 16:53:00
  • Zuletzt bearbeitet 14.08.2025 01:52:35

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.

6.1

CVE-2024-41753

  • EPSS 0.07%
  • Veröffentlicht 03.05.2025 16:15:19
  • Zuletzt bearbeitet 14.08.2025 01:51:25

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus alter...

5.4

CVE-2024-52365

  • EPSS 0.11%
  • Veröffentlicht 05.02.2025 12:15:28
  • Zuletzt bearbeitet 12.08.2025 16:28:43

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to ...

5.4

CVE-2024-52364

  • EPSS 0.24%
  • Veröffentlicht 05.02.2025 12:15:28
  • Zuletzt bearbeitet 12.08.2025 16:30:44

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed a...