CVE-2025-36093
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Cloud Pak For Business Automation | 25.0.0 | affected |
| IBM | Cloud Pak For Business Automation | 24.0.1 | affected |
| IBM | Cloud Pak For Business Automation | 24.0.0 | affected |
Weaknesses
- CWE-602: CWE-602 Client-Side Enforcement of Server-Side Security
Workarounds
Workarounds and Mitigations None.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.