CVE-2025-36094 PUBLISHED

Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.

Assigner: ibm
Reserved: 15.04.2025 Published: 03.02.2026 Updated: 04.02.2026

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVSS Score: 5.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	IBM
Product	Cloud Pak for Business Automation
Versions	affected from 25.0.0 to 25.0.0 Interim Fix 002 (incl.) affected from 24.0.1 to 24.0.1 Interim Fix 005 (incl.) affected from 24.0.0 to 24.0.0 Interim Fix 007 (incl.)

Solutions

Affected Product(s)Version(s)Remediation / FixIBM Cloud Pak for Business AutomationV25.0.0 - V25.0.0-IF002Apply security fix 25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-cloud-pak-business-automation-2500-if003 IBM Cloud Pak for Business AutomationV24.0.1 - V24.0.1-IF005Apply security fix 24.0.1-IF006 https://www.ibm.com/support/pages/readme-ibm-cloud-pak-business-automation-2401-if006 IBM Cloud Pak for Business AutomationV24.0.0 - V24.0.0-IF007Apply security fix 24.0.0-IF008 https://www.ibm.com/support/pages/readme-ibm-cloud-pak-business-automation-2400-if008

References

https://www.ibm.com/support/pages/node/7259318

Problem Types

CWE-1284 Improper Validation of Specified Quantity in Input CWE