CVE-2025-36094

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7259318	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_001::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_002::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_001::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_002::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_004::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_005::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:interim_fix_001::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:interim_fix_002::::::

History

No history.

Information

Published : 2026-02-03 23:16

Updated : 2026-02-25 18:52

NVD link : CVE-2025-36094

Mitre link : CVE-2025-36094

CVE.ORG link : CVE-2025-36094

JSON object : View

Products Affected

ibm

cloud_pak_for_business_automation

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

{"id": "CVE-2025-36094", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2026-02-03T23:16:05.780", "references": [{"url": "https://www.ibm.com/support/pages/node/7259318", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length."}, {"lang": "es", "value": "IBM Cloud Pak for Business Automation 25.0.0 hasta 25.0.0 Interim Fix 002, 24.0.1 hasta 24.0.1 Interim Fix 005, y 24.0.0 hasta 24.0.0 Interim Fix 007 podr\u00eda permitir a un usuario autenticado causar una denegaci\u00f3n de servicio o corromper datos existentes debido a la validaci\u00f3n incorrecta de la longitud de entrada."}], "lastModified": "2026-02-25T18:52:22.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF879B84-21B0-4FD4-AD2E-7F29EBDD218A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "496D1A48-3403-471F-AD07-AEC7E5000AD8"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA215EC3-DDFE-494D-862C-35CA30D9BEDE"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F68528C5-034B-4B2C-8745-B969B14B52C5"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EADE80E3-4E60-4154-A559-93E2325D799A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01FC35C-29F1-4D57-8804-07A5C1E9EA85"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_004:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D682E4B-DA22-4F88-A38F-76FF080AE0B5"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_005:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "619570E7-DC78-4985-A5AF-F05DE84DDB9E"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70431A72-663D-432E-9D94-5BBE380E06AB"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:interim_fix_001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33128B64-7030-4A4E-8EF2-E285AF44F99F"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:interim_fix_002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34F41BF6-3741-4E54-A133-861E39B39936"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}