June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
DarkCrystal RAT aka DCRat – Active IOCs
May 5, 2025
CVE-2025-21572 – Oracle Corporation OpenGrok Vulnerability
May 5, 2025
DarkCrystal RAT aka DCRat – Active IOCs
May 5, 2025
CVE-2025-21572 – Oracle Corporation OpenGrok Vulnerability
May 5, 2025
Severity
Medium
Analysis Summary
CVE-2025-1838 CVSS:6.5
IBM Cloud Pak for Business Automation Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface, which could cause a denial of service.
CVE-2024-41753 CVSS:6.1
IBM Cloud Pak for Business Automation is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-1495 CVSS:4.1
IBM Business Automation Workflow Center may leak sensitive information due to missing authorization validation.
Impact
- Cross-Site Scripting
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-1838
CVE-2024-41753
CVE-2025-1495
Affected Vendors
- IBM
Affected Products
- IBM Business Automation Workflow - 24.0.1 - 24.0.0
- IBM Cloud Pak for Business Automation - 24.0.1 - 24.0.0
Remediation
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.
