Search
Find a vulnerability
Search criteria
2 vulnerabilities found for IBM Business Automation Workflow by IBM
CVE-2025-1495 (GCVE-0-2025-1495)
Vulnerability from nvd – Published: 2025-05-03 16:53 – Updated: 2025-08-28 14:28
VLAI
Title
IBM Business Automation Workflow missing authentication
Summary
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7232434 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | IBM Business Automation Workflow |
Affected:
24.0.1 , ≤ 24.0.1 IF001
(semver)
Affected: 24.0.0 cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:40:24.977485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:57:22.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "IBM Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "24.0.1 IF001",
"status": "affected",
"version": "24.0.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "24.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
}
],
"value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:28:22.723Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232434"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow containers V24.0.1 - V24.0.1-IF001 Apply 24.0.1-IF002\u003cbr\u003eIBM Business Automation Workflow traditional V24.0.1 Apply DT424716"
}
],
"value": "IBM Business Automation Workflow containers V24.0.1 - V24.0.1-IF001 Apply 24.0.1-IF002\nIBM Business Automation Workflow traditional V24.0.1 Apply DT424716"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow missing authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1495",
"datePublished": "2025-05-03T16:53:00.666Z",
"dateReserved": "2025-02-20T02:17:50.673Z",
"dateUpdated": "2025-08-28T14:28:22.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1495 (GCVE-0-2025-1495)
Vulnerability from cvelistv5 – Published: 2025-05-03 16:53 – Updated: 2025-08-28 14:28
VLAI
Title
IBM Business Automation Workflow missing authentication
Summary
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7232434 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | IBM Business Automation Workflow |
Affected:
24.0.1 , ≤ 24.0.1 IF001
(semver)
Affected: 24.0.0 cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:40:24.977485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:57:22.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "IBM Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "24.0.1 IF001",
"status": "affected",
"version": "24.0.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "24.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
}
],
"value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:28:22.723Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232434"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow containers V24.0.1 - V24.0.1-IF001 Apply 24.0.1-IF002\u003cbr\u003eIBM Business Automation Workflow traditional V24.0.1 Apply DT424716"
}
],
"value": "IBM Business Automation Workflow containers V24.0.1 - V24.0.1-IF001 Apply 24.0.1-IF002\nIBM Business Automation Workflow traditional V24.0.1 Apply DT424716"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow missing authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1495",
"datePublished": "2025-05-03T16:53:00.666Z",
"dateReserved": "2025-02-20T02:17:50.673Z",
"dateUpdated": "2025-08-28T14:28:22.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}