PT-2026-53970 · Ibm · Business Automation Manager Open Editions

Published

2026-06-30

·

Updated

2026-06-30

·

CVE-2026-13449

CVSS v3.1

7.6

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13449

Affected Products

Business Automation Manager Open Editions