26 matches found
CVE-2025-36436
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...
CVE-2025-36094
CVE-2025-36094 affects IBM Cloud Pak for Business Automation. The issue is caused by improper validation of input length, allowing an authenticated user to cause a denial of service or corrupt existing data. Affected versions include 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 In...
CVE-2025-36094 Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length...
CVE-2025-36436
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...
CVE-2025-36058
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...
EUVD-2025-37552
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows an...
PT-2025-44780
Name of the Vulnerable Software and Affected Versions IBM Cloud Pak For Business Automation versions 25.0.0, 24.0.1, and 24.0.0 Description IBM Cloud Pak For Business Automation may allow an attacker to access unauthorized content or perform unauthorized actions through man-in-the-middle techniqu...
IBM Cloud Pak for Business Automation 安全漏洞
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. A...
CVE-2025-36023
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key...
PT-2025-32362 · Ibm · Ibm Cloud Pak For Business Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 24.0.0 through 24.0.0 IF005 IBM Cloud Pak for Business Automation versions 24.0.1 through 24.0.1 IF002 Description: The software contains a flaw that may allow an authenticated user to view...
CVE-2024-41753
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2024-31897
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the...
CVE-2023-35899
IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file...
IBM Cloud Pak for Automation 安全漏洞
IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from International Business Machines IBM. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and...
CVE-2023-35899 IBM Cloud Pak for Automation CSV injection
IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file...
CVE-2022-42442
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214...
CVE-2021-29872
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...
CVE-2021-29872
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...
IBM Cloud Pak for Automation 安全漏洞
IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and services on any cloud. A...
CVE-2021-38966
IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357...