EUVD-2026-32521
GHSA-gq2r-qh4m-2g7x
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
AnalysisAI
Information disclosure in IBM Business Automation Workflow (containers and traditional deployments) exposes internal database schema details through application error messages to authenticated low-privilege users. Affecting versions across the 24.0.0, 24.0.1, 25.0.0, and 25.0.1 release lines, a network-accessible authenticated attacker can deliberately trigger error conditions to harvest database structure information - table names, column names, or schema layout - without needing elevated permissions. …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.1 lets unauthenticated network attackers run arbitr
Remote code execution and authentication bypass are possible in IBM Aspera High-Speed Transfer Server and High-Speed Tra
Authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) versions 1.5.1 throu
Hard-coded credentials in IBM Controller (versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2) give attackers a static, embedded
Arbitrary code execution in IBM Aspera High-Speed Transfer Server and Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1)
Share
External POC / Exploit Code
Leaving vuln.today