{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36094", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:14.711Z", "datePublished": "2026-02-03T22:06:09.620Z", "dateUpdated": "2026-02-03T22:06:09.620Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:25.0.0:interim_fix_002:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_005:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_007:*:*:*:*:*:*"], "product": "Cloud Pak for Business Automation", "vendor": "IBM", "versions": [{"lessThanOrEqual": "25.0.0 Interim Fix 002", "status": "affected", "version": "25.0.0", "versionType": "semver"}, {"lessThanOrEqual": "24.0.1 Interim Fix 005", "status": "affected", "version": "24.0.1", "versionType": "semver"}, {"lessThanOrEqual": "24.0.0 Interim Fix 007", "status": "affected", "version": "24.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length.</p>"}], "value": "IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-03T22:06:09.620Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7259318"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><br><table><thead><tr><td>Affected Product(s)</td><td>Version(s)</td><td>Remediation / Fix</td></tr></thead><tbody><tr><td>IBM Cloud Pak for Business Automation</td><td>V25.0.0 - V25.0.0-IF002</td><td>Apply security fix <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-cloud-pak-business-automation-2500-if003\">25.0.0-IF003</a></td></tr><tr><td>IBM Cloud Pak for Business Automation</td><td>V24.0.1 - V24.0.1-IF005</td><td>Apply security fix <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-cloud-pak-business-automation-2401-if006\">24.0.1-IF006</a></td></tr><tr><td>IBM Cloud Pak for Business Automation</td><td>V24.0.0 - V24.0.0-IF007</td><td>Apply security fix <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-cloud-pak-business-automation-2400-if008\">24.0.0-IF008</a></td></tr></tbody></table>&nbsp;</div>"}], "value": "Affected Product(s)Version(s)Remediation / FixIBM Cloud Pak for Business AutomationV25.0.0 - V25.0.0-IF002Apply security fix 25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-cloud-pak-business-automation-2500-if003 IBM Cloud Pak for Business AutomationV24.0.1 - V24.0.1-IF005Apply security fix 24.0.1-IF006 https://www.ibm.com/support/pages/readme-ibm-cloud-pak-business-automation-2401-if006 IBM Cloud Pak for Business AutomationV24.0.0 - V24.0.0-IF007Apply security fix 24.0.0-IF008 https://www.ibm.com/support/pages/readme-ibm-cloud-pak-business-automation-2400-if008"}], "title": "Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.", "x_generator": {"engine": "ibm-cvegen"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length."}], "id": "CVE-2025-36094", "lastModified": "2026-02-03T23:16:05.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-02-03T23:16:05.780", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7259318"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}