Description
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
Published: 2026-05-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The containers and traditional releases of IBM Business Automation Workflow are vulnerable to information exposure through error messages that reveal the database schema. The flaw lets a malicious actor obtain details such as table and column names that are normally internal, which may aid further attacks.

Affected Systems

The vulnerability affects IBM Business Automation Workflow containers and traditional versions 24.0.0, 24.0.1, 25.0.0, and 25.0.1. IBM has issued interim fixes for each major release, including container 24.0.1‑IF007, 25.0.0‑IF004, and 25.0.1‑IF001, among others.

Risk and Exploitability

Exploiting the flaw requires provoking an error that contains the database information. Based on the description, it is inferred that an attacker would need to send malformed input or otherwise trigger an endpoint that surfaces detailed error messages. The CVSS score for this issue is 4.3, EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 27, 2026 at 21:55 UTC.

Remediation

Vendor Solution

Affected Product(s) | Version(s) | Remediation / Fix
IBM Business Automation Workflow containers | V25.0.1 | Apply container 25.0.1-IF001 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25010-interim-fixes
IBM Business Automation Workflow traditional | V25.0.1 | Apply traditional 25.0.1-IF001 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25010-interim-fixes
IBM Business Automation Workflow containers | V25.0.0 - V25.0.0-IF003 | Apply container 25.0.0-IF004 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes
IBM Business Automation Workflow traditional | V25.0.0 - V25.0.0-IF003 | Apply traditional 25.0.0-IF004 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25000-interim-fixes
IBM Business Automation Workflow containers | V24.0.1 - V24.0.1-IF006 | Apply container 24.0.1-IF007 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-24010-interim-fixes
IBM Business Automation Workflow traditional | V24.0.1 - V24.0.1-IF006 | Apply traditional 24.0.1-IF007 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24010-interim-fixes
IBM Business Automation Workflow containers | V24.0.0 - V24.0.0-IF008 | Apply container 24.0.0-IF009 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-24000-interim-fixes
IBM Business Automation Workflow traditional | V24.0.0 - V24.0.0-IF008 | Apply traditional 24.0.0-IF009 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24000-interim-fixes


OpenCVE Recommended Actions

  • Apply the interim fix that corresponds to the platform and version in use, for example container 25.0.1‑IF001 or traditional 25.0.1‑IF001.
  • Upgrade IBM Business Automation Workflow to the latest release that includes the fix for the affected API.
  • Configure the application to suppress or mask detailed error messages that contain database structure details.
  • Review and adjust logging settings to ensure that database schema information is not logged or exposed.

Advisories

No advisories yet.

History

Thu, 28 May 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared IBM Business Automation Workflow
Vendors & Products IBM Business Automation Workflow

Wed, 27 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-209
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
Title IBM Business Automation Workflow information leak
First Time appeared IBM
IBM Business Automation Workflow Containers And Traditional
Vendors & Products IBM
IBM Business Automation Workflow Containers And Traditional

MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-27T16:18:03.459Z

Reserved: 2026-01-20T18:56:22.473Z

Link: CVE-2026-1248

Vulnrichment

Updated: 2026-05-27T16:17:18.366Z

NVD

Status: Analyzed

Published: 2026-05-27T15:16:24.920

Modified: 2026-05-28T17:19:25.883

Link: CVE-2026-1248

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T02:30:04Z

Weaknesses
  • CWE-209

    Generation of Error Message Containing Sensitive Information