Lucene search
K

729 matches found

CNVD
CNVD
added 2026/02/11 12:0 a.m.3 views

XML external entity injection vulnerability in IBM Business Automation Workflow containers and IBM Business Automation Workflow traditional

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow containers V25.0....

7.1CVSS5.7AI score0.00458EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 11:15 p.m.5 views

CVE-2025-13096

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

7.1CVSS5.8AI score0.00458EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 8:56 p.m.5 views

CVE-2025-13096

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

7.1CVSS5.6AI score0.00458EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/02/02 8:56 p.m.30 views

CVE-2025-13096 XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

7.1CVSS0.00458EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 5:24 p.m.7 views

Security Bulletin: Security vulnerability in Apache Commons Lang may affect IBM Business Automation Workflow - CVE-2025-48924

Summary IBM Business Automation Workflow packages a vulnerable copy of the Apache Commons Lang open source library. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.4AI score0.02164EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 4:15 p.m.18 views

Security Bulletin: Denial of Service vulnerability in axios may affect IBM Business Automation Workflow - CVE-2025-58754

Summary IBM Business Automation Workflow packages a vulnerable version of the axios library. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs...

7.5CVSS6.5AI score0.01099EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:30 p.m.8 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2025-36436

Summary IBM Business Automation Workflow is vulnerable to a Cross-site scripting attack. Vulnerability Details CVEID:CVE-2025-36436 DESCRIPTION: IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

6.4CVSS5.6AI score0.0021EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:21 p.m.8 views

Security Bulletin: XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow - CVE-2025-13096

Summary IBM Business Automation Workflow is vulnerable to a XML eXternal Entity injection XXE attack. Vulnerability Details CVEID:CVE-2025-13096 DESCRIPTION: IBM Business Automation Workflow is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker...

7.1CVSS6AI score0.00458EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:17 p.m.11 views

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow containers January 2026

Summary In addition to updating many operating system level packages, IBM Business Automation Workflow container fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-47912 DESCRIPTION: The Parse function permits values other than IPv6 addresses to be included in squar...

7.5CVSS6AI score0.00631EPSS
Exploits3Affected Software2
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.7 views

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS5.3AI score0.0011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.17 views

CVE-2025-36059

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

5.5CVSS5.5AI score0.00089EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 4:16 p.m.5 views

CVE-2025-36059

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

5.5CVSS5.9AI score0.00089EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 4:16 p.m.5 views

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS7.3AI score0.0011EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 4:16 p.m.7 views

CVE-2025-36059

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

5.5CVSS0.00089EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 3:9 p.m.3 views

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS8.3AI score0.0011EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 3:9 p.m.9 views

CVE-2025-36058 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS8.4AI score0.0011EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 3:9 p.m.16 views

CVE-2025-36058 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS0.0011EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 3:7 p.m.5 views

CVE-2025-36059 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

4.7CVSS8.6AI score0.00089EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 3:7 p.m.3 views

CVE-2025-36059

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

4.7CVSS8.4AI score0.00089EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.9 views

IBM Business Automation Workflow security vulnerabilities

IBM Business Automation Workflow is a workflow automation solution developed by IBM Corporation. This product is primarily used for workflow management and compliance control, and it features workflow visibility and scalability. There is a security vulnerability in IBM Business Automation Workflo...

5.5CVSS5.8AI score0.0011EPSS
Exploits0References1
Rows per page
Query Builder