
Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-1838 CVSS:6.5

IBM Cloud Pak for Business Automation Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface, which could cause a denial of service.

CVE-2024-41753 CVSS:6.1

IBM Cloud Pak for Business Automation is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE-2025-1495 CVSS:4.1

IBM Business Automation Workflow Center may leak sensitive information due to missing authorization validation.

Impact

  • Cross-Site Scripting
  • Denial of Service
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-1838

  • CVE-2024-41753

  • CVE-2025-1495

Affected Vendors

  • IBM

Affected Products

  • IBM Business Automation Workflow - 24.0.1 - 24.0.0
  • IBM Cloud Pak for Business Automation - 24.0.1 - 24.0.0

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-1838

CVE-2024-41753

CVE-2025-1495