Skip to main content

Business Automation Workflow CVE-2025-1495

MEDIUM
Missing Authentication for Critical Function (CWE-306)
2025-05-03 psirt@us.ibm.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:39 vuln.today
CVE Published
May 03, 2025 - 17:15 nvd
MEDIUM 4.3

DescriptionCVE.org

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.

AnalysisAI

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation. Affected products include: Ibm Business Automation Workflow. Version information: through 24.0.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

CVE-2018-1674 HIGH
8.8 Sep 20

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. Rated high s

CVE-2019-4424 HIGH
8.2 Aug 20

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External E

CVE-2025-13096 HIGH
7.1 Feb 02

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF

CVE-2024-38321 MEDIUM
6.5 Aug 03

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log file

CVE-2022-22361 MEDIUM
6.5 May 31

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3

CVE-2021-38900 MEDIUM
6.5 Dec 21

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a pr

CVE-2022-41735 MEDIUM
6.1 Dec 07

IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable

CVE-2021-29835 MEDIUM
6.1 Oct 22

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. Rated medium severity

CVE-2020-4490 MEDIUM
6.1 May 29

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote atta

CVE-2018-1848 MEDIUM
6.1 Dec 14

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVS

CVE-2021-29753 MEDIUM
5.9 Nov 05

IBM Business Automation Workflow 18. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no au

CVE-2019-4425 MEDIUM
5.7 Aug 20

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive informat

Share

CVE-2025-1495 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy