CNNVD-202511-686 Information

CNNVD ID

CNNVD-202511-686

CVE-2025-36054

  • CNNVD Published: 2025-11-06

Description

IBM Business Automation Workflow containers and IBM Business Automation Workflow traditional with Process Federation Server are both enterprise process automation platforms from International Business Machines (IBM), a US company. Both contain a cross-site scripting vulnerability: an unauthenticated attacker can embed arbitrary JavaScript code in the Web UI, which may lead to credential disclosure. The following versions are affected: IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, and 25.0.0 through 25.0.0-IF001; and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1, and 25.0.0.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

International Business Machines (IBM)

Published

2025-11-06

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7250261

Patch

https://www.ibm.com/support/pages/node/7250261
