Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation...

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Basic Information

ID CVE-2025-36054

Source ibm

Published Nov 6, 2025 at 14:11

Modified Nov 6, 2025 at 14:32

Affected Product

Vendor IBM

Product Business Automation Workflow containers

Version 24.0.0

Affected Versions IBM Business Automation Workflow containers 24.0.0
IBM Business Automation Workflow containers 24.0.1
IBM Business Automation Workflow containers 25.0.0
IBM Business Automation Workflow traditional with Process Federation Server 24.0.0
IBM Business Automation Workflow traditional with Process Federation Server 25.0.0

CWE Classification

CWE-79

References

www.ibm.com /support/pages/node/7250261

{
    "lastseen": "",
    "description": "IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
    "published": "2025-11-06T14:11:49.396Z",
    "modified": "2025-11-06T14:32:53.254Z",
    "type": "cve",
    "title": "Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server -",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7250261",
    "id": "CVE-2025-36054",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "IBM Business Automation Workflow containers 24.0.0\nIBM Business Automation Workflow containers 24.0.1\nIBM Business Automation Workflow containers 25.0.0\nIBM Business Automation Workflow traditional with Process Federation Server 24.0.0\nIBM Business Automation Workflow traditional with Process Federation Server 25.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Business Automation Workflow containers",
    "version": "24.0.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server -_CVE-2025-36054