CVE-2025-36054
Published 2025-11-06
Severity: Medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow_containers | 24.0.0 – 24.0.0-IF006 | — |
| ibm | business_automation_workflow_containers | 24.0.1 – 24.0.1-IF004 | — |
| ibm | business_automation_workflow_containers | 25.0.0 – 25.0.0-IF001 | — |
| ibm | business_automation_workflow_traditional_with_process_federation_server | — | — |
| ibm | business_automation_workflow_traditional_with_process_federation_server | 24.0.0 – 24.0.1 | — |
| ibm | process_federation_server | — | — |
| ibm | process_federation_server | — | — |
| ibm | process_federation_server | — | — |