Lucene search
K

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 9:11 a.m.11 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2026.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue...

8.8CVSS7.4AI score0.02164EPSS
Exploits6Affected Software2
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.13 views

CVE-2025-1838

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service...

6.5CVSS6.5AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/04 4:9 p.m.11 views

CVE-2025-36093

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls...

7.4CVSS6.1AI score0.00233EPSS
Exploits0References1
CVE
CVE
added 2025/11/03 9:18 p.m.31 views

CVE-2025-36172

CVE-2025-36172 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow. The IBM bulletin and related sources describe a stored cross-site scripting (XSS) vulnerability where an authenticated user can inject arbitrary JavaScript into the Web UI, potentially leading to cr...

6.4CVSS5.9AI score0.00162EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/03 3:15 p.m.11 views

CVE-2025-36092 IBM Business Automation Insights improper input validation

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length...

6.5CVSS0.00396EPSS
Exploits0References1
CVE
CVE
added 2025/08/08 2:51 p.m.24 views

CVE-2025-36023

Affected product: IBM Cloud Pak for Business Automation. Versions 24.0.0 through 24.0.0-IF005 and 24.0.1 through 24.0.1-IF002 are vulnerable. Root cause: indirect object reference via a user-controlled key allows an authenticated user to view sensitive user and system information. Impact: informa...

6.5CVSS6.2AI score0.00256EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:8 a.m.114 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for November 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...

9.8CVSS9.8AI score0.99999EPSS
Exploits22Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/07 6:19 p.m.13 views

CVE-2024-49348

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

4.3CVSS4.5AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/05 11:30 a.m.34 views

CVE-2024-49348 IBM Cloud Pak for Business Automation incorrect privilege assignment

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

4.3CVSS0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.5 views

IBM Cloud Pak for Business Automation 安全漏洞

IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. A security vulnerability exists in IBM Cloud Pak for Business Automation. An...

6.5CVSS8.9AI score0.00247EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/26 4:40 p.m.50 views

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2023

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF021 and 22.0.2-IF005. Vulnerability Details CVEID:CVE-2023-32339 DESCRIPTION: IBM Business Automation Workflow is vulnerabl...

7.5CVSS8.8AI score0.59501EPSS
Exploits12Affected Software2
Cvelist
Cvelist
added 2023/02/01 6:12 p.m.31 views

CVE-2023-23469 IBM Cloud Pak for Business Automation information disclosure

IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504...

4CVSS3.9AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2021/02/08 3:15 p.m.19 views

CVE-2021-20359

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966...

6.5CVSS0.01267EPSS
Exploits0References2
Rows per page
Query Builder