IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Ibm |
|
Configuration 1 [-]
|
No data.
References
History
Thu, 12 Feb 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:* cpe:2.3:a:ibm:business_automation_workflow:*:-:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if001:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if002:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if003:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if004:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if005:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if006:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if007:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if001:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if002:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if004:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if005:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:25.0.0:-:*:*:traditional:*:*:* cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if001:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if002:*:*:containers:*:*:* |
Tue, 03 Feb 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 02 Feb 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |
| Title | XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow - | |
| First Time appeared |
Ibm
Ibm business Automation Workflow |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if008:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if006:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:containers:*:*:* cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:traditional:*:*:* cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if003:*:*:containers:*:*:* |
|
| Vendors & Products |
Ibm
Ibm business Automation Workflow |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-02-03T15:39:59.140Z
Reserved: 2025-11-12T21:55:13.229Z
Link: CVE-2025-13096
Vulnrichment
Updated: 2026-02-03T15:39:23.446Z
NVD
Status : Analyzed
Published: 2026-02-02T23:15:58.600
Modified: 2026-02-12T19:01:45.070
Link: CVE-2025-13096
Redhat
No data.