Description
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
- Attack Vector
- local
- Complexity
- high
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- high
- Availability
- none
- Weaknesses
- CWE-250
Metadata
- Primary Vendor
- IBM
- Published
- 1/20/2026
- Last Modified
- 2/17/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
ibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflowibm : business_automation_workflow
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.