CVE-2025-36093

EUVD-2025-37490
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
ibmCNA
4.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
ibmcloud_pak_for_business_automation
24.0.0
ibmcloud_pak_for_business_automation
24.0.0:interim_fix_001
ibmcloud_pak_for_business_automation
24.0.0:interim_fix_002
ibmcloud_pak_for_business_automation
24.0.0:interim_fix_003
ibmcloud_pak_for_business_automation
24.0.0:interim_fix_004
ibmcloud_pak_for_business_automation
24.0.1
ibmcloud_pak_for_business_automation
24.0.1:interim_fix_001
ibmcloud_pak_for_business_automation
24.0.1:interim_fix_002
ibmcloud_pak_for_business_automation
24.0.1:interim_fix_004
ibmcloud_pak_for_business_automation
25.0.0
ibmcloud_pak_for_business_automation
25.0.0:interim_fix_001
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7249999