{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T18:48:38.019","vulnerabilities":[{"cve":{"id":"CVE-2025-36054","sourceIdentifier":"psirt@us.ibm.com","published":"2025-11-06T15:15:46.363","lastModified":"2025-12-12T15:21:32.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:-:*:*:*:traditional:*:*:*","matchCriteriaId":"4D600A93-6AE8-4F9C-BBDC-19249E537AE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:-:*:*:containers:*:*:*","matchCriteriaId":"EF29B7C7-5024-4A85-ADE5-D94E9002181D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if001:*:*:containers:*:*:*","matchCriteriaId":"8464D4F4-1F9A-479B-B689-C6E90BC3AF45"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if002:*:*:containers:*:*:*","matchCriteriaId":"0FE0DB1D-5728-4075-BE84-48F06E22FDF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if003:*:*:containers:*:*:*","matchCriteriaId":"A4AB37B4-DF91-4DC7-AFB9-107E5B1B2BF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if004:*:*:containers:*:*:*","matchCriteriaId":"79318EB6-001D-4D75-952C-87297C90A0C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if005:*:*:containers:*:*:*","matchCriteriaId":"38F4B5AC-AC9D-48E7-9EC8-48C086CC62A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if006:*:*:containers:*:*:*","matchCriteriaId":"73BAD8DC-3081-4D07-8E65-7501351DE025"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:-:*:*:containers:*:*:*","matchCriteriaId":"D5D9EC44-05CE-44FA-AFDE-A4FA326A54F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if001:*:*:containers:*:*:*","matchCriteriaId":"AD2EC4AD-EF47-450F-AA73-8BEE3DADEA1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if002:*:*:containers:*:*:*","matchCriteriaId":"0CFCCD13-9342-4D3D-BE9C-ABCA4EA27229"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if004:*:*:containers:*:*:*","matchCriteriaId":"5797C332-AE9A-40BF-BAA4-7ECDDEAA907C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:-:*:*:containers:*:*:*","matchCriteriaId":"3058E645-44E1-4FF0-9A97-E04324BB8968"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if001:*:*:containers:*:*:*","matchCriteriaId":"0E06ACEC-AC03-41AA-91C7-BA84457847A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:process_federation_server:24.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2F08A2F1-9A23-4E62-9CE6-ACD36BA62AC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:process_federation_server:24.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5B256B03-5CB5-462F-A56F-B3B1C90A89BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:process_federation_server:25.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCF7DA13-7C3E-497F-ADDE-62C064BBC1A6"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7250261","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]}]}}]}