Home

Description

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.

PUBLISHED Reserved 2025-04-15 | Published 2025-11-03 | Updated 2025-11-03 | Assigner ibm




MEDIUM: 4.8CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-602 Client-Side Enforcement of Server-Side Security

Product status

Default status
unaffected

25.0.0
affected

24.0.1
affected

24.0.0
affected

References

www.ibm.com/support/pages/node/7249999 vendor-advisory patch

cve.org (CVE-2025-36093)

nvd.nist.gov (CVE-2025-36093)

Download JSON