Description
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- local
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-538
Metadata
- Primary Vendor
- IBM
- Published
- 1/20/2026
- Last Modified
- 2/17/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
ibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflow
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.