
CVE-2025-36023 – IBM Cloud Pak for Business Automation security bypass
https://notcve.org/view.php?id=CVE-2025-36023
08 Aug 2025 — IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key. • https://www.ibm.com/support/pages/node/7241570 • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2025-1838 – IBM Cloud Pak for Business Automation denial of service
https://notcve.org/view.php?id=CVE-2025-1838
03 May 2025 — IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface, which could cause a denial of service. • https://www.ibm.com/support/pages/node/7232429 • CWE-602: Client-Side Enforcement of Server-Side Security

CVE-2024-41753 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41753
03 May 2025 — IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7232197 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')