exploitDog

CVE-2025-36054

Published: 06 Nov 2025
Source: nvd
CVSS3: 6.1
EPSS: Low

Description

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:ibm:business_automation_workflow:-:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:-:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if001:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if002:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if003:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if004:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if005:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if006:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.1:-:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if001:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if002:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if004:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:25.0.0:-:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if001:*:*:containers:*:*:*
cpe:2.3:a:ibm:process_federation_server:24.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:process_federation_server:24.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:process_federation_server:25.0.0:*:*:*:*:*:*:*

EPSS

Percentile: 28%
0.00097
Low

6.1 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
github
3 months ago

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.