IBM Business Automation Workflow
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:*:*:*
- >= 25.0.0, <= 25.0.0-IF002
- >= 24.0.1, <= 24.0.1-IF005
- >= 24.0.0, <= 24.0.0-IF007
- ~< 25.0.0
- ~< 24.0.1
- ~< 24.0.0
An XML external entity (XXE) injection vulnerability has been identified in IBM Business Automation Workflow. This issue affects both containerized and traditional versions of the software, specifically versions 25.0.0 prior to 25.0.0-IF007, 24.0.1 prior to 24.0.1-IF007, and 24.0.0 prior to 24.0.0-IF007. The vulnerability arises when the application processes XML data, potentially allowing remote attackers to access sensitive information or exhaust memory resources.
Exploitation of this vulnerability could lead to unauthorized exposure of sensitive information or excessive consumption of memory resources, causing potential performance degradation.
Users are advised to upgrade to version 25.0.0-IF003, 24.0.1-IF006, or 24.0.0-IF008. These fix levels apply to both the containerized and the traditional version.