CVE-2025-36058

EUVD-2026-3372
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ibmCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
ibmbusiness_automation_workflow
24.0.0
ibmbusiness_automation_workflow
24.0.0:if001
ibmbusiness_automation_workflow
24.0.0:if002
ibmbusiness_automation_workflow
24.0.0:if003
ibmbusiness_automation_workflow
24.0.0:if004
ibmbusiness_automation_workflow
24.0.0:if005
ibmbusiness_automation_workflow
24.0.0:if006
ibmbusiness_automation_workflow
24.0.1
ibmbusiness_automation_workflow
24.0.1:if001
ibmbusiness_automation_workflow
24.0.1:if002
ibmbusiness_automation_workflow
24.0.1:if004
ibmbusiness_automation_workflow
24.0.1:if005
ibmbusiness_automation_workflow
25.0.0
ibmbusiness_automation_workflow
25.0.0:if001
ibmbusiness_automation_workflow
25.0.0:if002
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7256777