Business Automation Manager

1 CVEs product

CVE-2026-13449 CRITICAL Act Now

An XML external entity (XXE) injection flaw in IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 lets a remote, unauthenticated attacker submit crafted XML to the application's XML parser to read sensitive files or exhaust memory. The flaw carries a CVSS score of 9.1 (high confidentiality and availability impact), but no public exploit had been identified at the time of analysis, and EPSS is low at 0.39% (31st percentile). It was reported by IBM PSIRT, and a vendor advisory has been published (IBM support node 7278532).

IBM XXE Business Automation Manager
NVD VulDB
CVSS 3.1: 9.1
EPSS: 0.4%
