Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for IBM Business Automation Workflow by IBM

    CVE-2025-1495 (GCVE-0-2025-1495)

    Vulnerability from nvd – Published: 2025-05-03 16:53 – Updated: 2025-08-28 14:28
    VLAI
    Title
    IBM Business Automation Workflow missing authentication
    Summary
    IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7232434 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM IBM Business Automation Workflow Affected: 24.0.1 , ≤ 24.0.1 IF001 (semver)
    Affected: 24.0.0
        cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1495",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-05T14:40:24.977485Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T14:57:22.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "IBM Business Automation Workflow",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "24.0.1 IF001",
                  "status": "affected",
                  "version": "24.0.1",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "24.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
                }
              ],
              "value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T14:28:22.723Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7232434"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Business Automation Workflow containers  V24.0.1 - V24.0.1-IF001  Apply 24.0.1-IF002\u003cbr\u003eIBM Business Automation Workflow traditional  V24.0.1  Apply DT424716"
                }
              ],
              "value": "IBM Business Automation Workflow containers  V24.0.1 - V24.0.1-IF001  Apply 24.0.1-IF002\nIBM Business Automation Workflow traditional  V24.0.1  Apply DT424716"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Business Automation Workflow missing authentication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-1495",
        "datePublished": "2025-05-03T16:53:00.666Z",
        "dateReserved": "2025-02-20T02:17:50.673Z",
        "dateUpdated": "2025-08-28T14:28:22.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1495 (GCVE-0-2025-1495)

    Vulnerability from cvelistv5 – Published: 2025-05-03 16:53 – Updated: 2025-08-28 14:28
    VLAI
    Title
    IBM Business Automation Workflow missing authentication
    Summary
    IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7232434 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM IBM Business Automation Workflow Affected: 24.0.1 , ≤ 24.0.1 IF001 (semver)
    Affected: 24.0.0
        cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1495",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-05T14:40:24.977485Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T14:57:22.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "IBM Business Automation Workflow",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "24.0.1 IF001",
                  "status": "affected",
                  "version": "24.0.1",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "24.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
                }
              ],
              "value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T14:28:22.723Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7232434"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Business Automation Workflow containers  V24.0.1 - V24.0.1-IF001  Apply 24.0.1-IF002\u003cbr\u003eIBM Business Automation Workflow traditional  V24.0.1  Apply DT424716"
                }
              ],
              "value": "IBM Business Automation Workflow containers  V24.0.1 - V24.0.1-IF001  Apply 24.0.1-IF002\nIBM Business Automation Workflow traditional  V24.0.1  Apply DT424716"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Business Automation Workflow missing authentication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-1495",
        "datePublished": "2025-05-03T16:53:00.666Z",
        "dateReserved": "2025-02-20T02:17:50.673Z",
        "dateUpdated": "2025-08-28T14:28:22.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }