CVE-2025-36094

Summary

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak for Business Automation25.0.0 <= 25.0.0 Interim Fix 002affected
IBMCloud Pak for Business Automation24.0.1 <= 24.0.1 Interim Fix 005affected
IBMCloud Pak for Business Automation24.0.0 <= 24.0.0 Interim Fix 007affected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References