Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-13096

Опубликовано: 02 фев. 2026
Источник: nvd
CVSS3: 7.1
EPSS Низкий

Описание

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*
Версия до 24.0.0 (включая)
cpe:2.3:a:ibm:business_automation_workflow:*:-:*:*:containers:*:*:*
Версия до 24.0.0 (включая)
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if001:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if002:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if003:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if004:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if005:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if006:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if007:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if001:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if002:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if004:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if005:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:25.0.0:-:*:*:traditional:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if001:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if002:*:*:containers:*:*:*

EPSS

Процентиль: 36%
0.00458
Низкий

7.1 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

github логотип

GHSA-gpf2-rxq3-v5rj

CVSS3: 7.1
github
5 месяцев назад

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

EPSS

Процентиль: 36%
0.00458
Низкий

7.1 High

CVSS3

Дефекты

CWE-918