{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-36093","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:14.711Z","datePublished":"2025-11-03T15:54:30.869Z","dateUpdated":"2025-11-03T16:25:26.455Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Cloud Pak For Business Automation","vendor":"IBM","versions":[{"status":"affected","version":"25.0.0"},{"status":"affected","version":"24.0.1"},{"status":"affected","version":"24.0.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.</p>"}],"value":"IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-602","description":"CWE-602 Client-Side Enforcement of Server-Side Security","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-11-03T15:54:30.869Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7249999"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Remediation/Fixes IBM strongly recommends addressing the vulnerability now. Product(s) Version(s) number and/or range Remediation/Fix/Instructions IBM Business Automation Insights 25.0.0 Apply security fix 25.0.0-IF002 IBM Business Automation Insights 24.0.1 Apply security fix 24.0.1-IF005 IBM Business Automation Insights 24.0.0 Apply security fix 24.0.0-IF005</p>"}],"value":"Remediation/Fixes IBM strongly recommends addressing the vulnerability now. Product(s) Version(s) number and/or range Remediation/Fix/Instructions IBM Business Automation Insights 25.0.0 Apply security fix 25.0.0-IF002 IBM Business Automation Insights 24.0.1 Apply security fix 24.0.1-IF005 IBM Business Automation Insights 24.0.0 Apply security fix 24.0.0-IF005"}],"source":{"discovery":"UNKNOWN"},"title":"security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Workarounds and Mitigations None.</p>"}],"value":"Workarounds and Mitigations None."}],"x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-03T16:25:13.912411Z","id":"CVE-2025-36093","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-03T16:25:26.455Z"}}]}}