PT-2025-45182 · IBM · IBM Process Federation Server
Published: 2025-11-06 · Updated: 2025-11-06
CVE-2025-36054
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
IBM Business Automation Workflow containers versions 24.0.0 through 24.0.0-IF006
IBM Business Automation Workflow containers versions 24.0.1 through 24.0.1-IF004
IBM Business Automation Workflow containers versions 25.0.0 through 25.0.0-IF001
IBM Business Automation Workflow traditional with Process Federation Server versions 24.0.0 through 24.0.1
IBM Business Automation Workflow traditional with Process Federation Server version 25.0.0
Description
The software is susceptible to cross-site scripting. An unauthenticated attacker can inject arbitrary JavaScript code into the Web UI, potentially modifying the intended functionality and leading to credentials disclosure within a trusted session.
Recommendations
IBM Business Automation Workflow containers version 24.0.0-IF006 should be applied.
IBM Business Automation Workflow containers version 24.0.1-IF004 should be applied.
IBM Business Automation Workflow containers version 25.0.0-IF001 should be applied.
IBM Business Automation Workflow traditional with Process Federation Server version 24.0.1 should be applied.
IBM Business Automation Workflow traditional with Process Federation Server version 25.0.0 should be applied.
Fix
XSS
Affected Products
IBM Business Automation Workflow
IBM Process Federation Server