PT-2026-5701 · Ibm · Ibm Cloud Pak For Business Automation
Published
2026-02-02
·
Updated
2026-02-02
·
CVE-2025-36436
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cloud Pak for Business Automation versions 25.0.0 through 25.0.0 Interim Fix 002
IBM Cloud Pak for Business Automation versions 24.0.1 through 24.0.1 Interim Fix 005
IBM Cloud Pak for Business Automation versions 24.0.0 through 24.0.0 Interim Fix 007
Description
The software contains a stored cross-site scripting issue. An authenticated user can embed arbitrary JavaScript code into the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session.
Recommendations
IBM Cloud Pak for Business Automation versions 25.0.0 through 25.0.0 Interim Fix 002 should be updated to a newer version.
IBM Cloud Pak for Business Automation versions 24.0.1 through 24.0.1 Interim Fix 005 should be updated to a newer version.
IBM Cloud Pak for Business Automation versions 24.0.0 through 24.0.0 Interim Fix 007 should be updated to a newer version.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cloud Pak For Business Automation