CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-36054

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.0%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.ibm.com/support/pages/node/7250261

Products affected by CVE-2025-36054

Ibm » Business Automation Workflow » Version: N/A

cpe:2.3:a:ibm:business_automation_workflow:-
Ibm » Business Automation Workflow » Version: 24.0.0

cpe:2.3:a:ibm:business_automation_workflow:24.0.0
Ibm » Business Automation Workflow » Version: 24.0.1

cpe:2.3:a:ibm:business_automation_workflow:24.0.1
Ibm » Business Automation Workflow » Version: 25.0.0

cpe:2.3:a:ibm:business_automation_workflow:25.0.0
Ibm » Process Federation Server » Version: 24.0.0

cpe:2.3:a:ibm:process_federation_server:24.0.0
Ibm » Process Federation Server » Version: 24.0.1

cpe:2.3:a:ibm:process_federation_server:24.0.1
Ibm » Process Federation Server » Version: 25.0.0

cpe:2.3:a:ibm:process_federation_server:25.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-36054

Products

Pricing

Contact Us