CVE-2025-13096

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

CVE-2025-13096

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

CVE-2025-13096 XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

PT-2026-5697

Name of the Vulnerable Software and Affected Versions IBM Business Automation Workflow containers versions 24.0.0 through 25.0.0-IF007 IBM Business Automation Workflow traditional versions 24.0.0 through 25.0.0 Description The software is susceptible to an XML External Entity XXE attack when...

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

CVE-2025-36058

CVE-2025-36058 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers. The issue could disclose sensitve configuration information stored in a config map. Red Hat/IBM advisories and IBM Security Bulletins identify the affected versions as: IBM Cloud Pak for ...

CVE-2025-36059 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

CVE-2025-36059

CVE-2025-36059 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers: 25.0.0-IF002, 24.0.1-IF005, and 24.0.0-IF006. The root cause is a local user with container access being able to execute OS system calls. IBM bulletin notes remediation by applying fixed ...

IBM Business Automation Workflow containers和IBM Business Automation Workflow traditional with Process Federation Server 跨站脚本漏洞

IBM Business Automation Workflow containers and IBM Business Automation Workflow traditional with Process Federation Server are both International Business Machines IBM suites of enterprise process automation platforms from International Business Machines IBM. A cross-site scripting vulnerability...

Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow - CVE-2024-38321

Summary IBM Business Automation Workflow is vulnerable to an information disclosure attack. Vulnerability Details CVEID:CVE-2024-38321 DESCRIPTION: IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations th...

CVE-2022-22361

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803,...