PT-2025-44796 · IBM · IBM Cloud Pak for Business Automation +1

Published 2025-11-03 · Updated 2025-11-04 · CVE-2025-36172

CVSS v3.1

6.4 Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

IBM Cloud Pak for Business Automation versions 25.0.0 through 25.0.0 Interim Fix 001
IBM Cloud Pak for Business Automation versions 24.0.1 through 24.0.1 Interim Fix 004
IBM Cloud Pak for Business Automation versions 24.0.0 through 24.0.0 Interim Fix 006
IBM Business Automation Workflow earlier unsupported releases

Description

The software is susceptible to a stored cross-site scripting issue. An authenticated user can inject arbitrary JavaScript code into the Web UI, potentially modifying the intended functionality and leading to credentials disclosure within a trusted session.

Recommendations

IBM Cloud Pak for Business Automation version 25.0.0 Interim Fix 002 or later should be installed.
IBM Cloud Pak for Business Automation version 24.0.1 Interim Fix 005 or later should be installed.
IBM Cloud Pak for Business Automation version 24.0.0 Interim Fix 007 or later should be installed.
Earlier unsupported releases should be upgraded to a supported version.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-36172

Affected Products

IBM Business Automation Workflow
IBM Cloud Pak for Business Automation