Skip to main content

Cloud Pak For Business Automation CVE-2025-36093

MEDIUM
Client-Side Enforcement of Server-Side Security (CWE-602)
2025-11-03 psirt@us.ibm.com
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:20 vuln.today
CVE Published
Nov 03, 2025 - 16:15 nvd
MEDIUM 4.8

DescriptionCVE.org

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.

AnalysisAI

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-602. IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls. Affected products include: Ibm Cloud Pak For Business Automation.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-35024 HIGH
7.6 Oct 14

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21

CVE-2025-1838 MEDIUM
6.5 May 03

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to b

CVE-2024-52365 MEDIUM
6.4 Feb 05

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21

CVE-2025-36436 MEDIUM
6.4 Feb 02

Cloud Pak For Business Automation versions up to 24.0.0 is affected by cross-site scripting (xss) (CVSS 6.4).

CVE-2024-41753 MEDIUM
6.1 May 03

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross

CVE-2023-32339 MEDIUM
6.1 Jun 27

IBM Business Automation Workflow is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerabi

CVE-2024-52364 MEDIUM
5.4 Feb 05

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21

CVE-2025-36094 MEDIUM
5.4 Feb 03

Cloud Pak For Business Automation versions up to 24.0.0 contains a vulnerability that allows attackers to an authenticat

CVE-2024-37528 MEDIUM
5.4 Jul 08

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21

CVE-2023-22860 MEDIUM
5.4 Feb 27

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21

CVE-2023-40691 MEDIUM
4.9 Dec 18

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21

CVE-2024-49348 MEDIUM
4.3 Feb 05

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21

Share

CVE-2025-36093 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy