CNNVD-202602-073 Information
CNNVD ID
CNNVD-202602-073
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
IBM Business Automation Workflow是美国国际商业机器(IBM)公司的一套工作流程自动化解决方案。该产品主要用于工作流程管理、合规性管理,并具有工作流程可见性和可扩展等特点。 IBM Business Automation Workflow V25.0.0至V25.0.0-IF007版本、V24.0.1至V24.0.1-IF007版本、V24.0.0至V24.0.0-IF007版本和IBM Business Automation Workflow传统版V25.0.0版本、V24.0.1版本、V24.0.0版本存在代码问题漏洞,该漏洞源于处理XML数据时容易受到XML外部实体注入攻击,可能导致泄露敏感信息或消耗内存资源。
Description (English)
IBM Business Automation Workflow is an automated workflow solution for IBM. The product is primarily used for workflow management, compliance management and has features such as workflow visibility and scalability. There is a code gap between IBM Business Action V25.0.0 to V25.0.0-IF007, V24.0.1 to V24.0.1-IF007, V24.0.0 to V24.0.0-IF007 and IBM Business Action Worklow traditional V25.0.0, V24.01, V24.0.0, V24.0.0, XML external entities are vulnerable to infusion attacks, which can lead to the disclosure of sensitive information or depletion of memory resources.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
国际商业机器
Published
2026-02-02
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7259321 https://access.redhat.com/security/cve/cve-2025-13096
Patch
https://www.ibm.com/support/pages/node/7259321
Share on: