CVE-2026-1248 - Vulnerability Details

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

IBM

Business Automation Workflow containers and traditional

affected

Version	Status	Constraints
`25.0.1`	affected	—
`25.0.0`	affected	≤ 25.0.0 Interim Fix 003
`24.0.1`	affected	≤ 24.0.1 Interim Fix 006
`24.0.0`	affected	≤ 24.0.0 Interim Fix 008

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors	Products
Ibm Subscribe	Business Automation Workflow Containers And Traditional Subscribe

Advisories

No advisories yet.

Fixes

Solution

Affected Product(s)Version(s)Remediation / FixIBM Business Automation Workflow containersV25.0.1Apply container 25.0.1-IF001 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25010-interim-fixes IBM Business Automation Workflow traditionalV25.0.1Apply traditional 25.0.1-IF001 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25010-interim-fixes IBM Business Automation Workflow containersV25.0.0 - V25.0.0-IF003Apply container 25.0.0-IF004 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes IBM Business Automation Workflow traditionalV25.0.0 - V25.0.0-IF003Apply traditional 25.0.0-IF004 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25000-interim-fixes IBM Business Automation Workflow containersV24.0.1 - V24.0.1-IF006Apply container 24.0.1-IF007 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-24010-interim-fixes IBM Business Automation Workflow traditionalV24.0.1 - V24.0.1-IF006Apply traditional 24.0.1-IF007 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24010-interim-fixes IBM Business Automation Workflow containersV24.0.0 - V24.0.0-IF008Apply container 24.0.0-IF009 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-24000-interim-fixes IBM Business Automation Workflow traditionalV24.0.0 - V24.0.0-IF008Apply traditional 24.0.0-IF009 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24000-interim-fixes

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.ibm.com/support/pages/node/7271445

History

Wed, 27 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-209
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 27 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
Title		IBM Business Automation Workflow information leak
First Time appeared		Ibm Ibm business Automation Workflow Containers And Traditional
CPEs		cpe:2.3:a:ibm:business_automation_workflow_containers_and_traditional:24.0.0:::::::* cpe:2.3:a:ibm:business_automation_workflow_containers_and_traditional:24.0.0:interim_fix_008:::::: cpe:2.3:a:ibm:business_automation_workflow_containers_and_traditional:24.0.1:::::::* cpe:2.3:a:ibm:business_automation_workflow_containers_and_traditional:24.0.1:interim_fix_006:::::: cpe:2.3:a:ibm:business_automation_workflow_containers_and_traditional:25.0.0:::::::* cpe:2.3:a:ibm:business_automation_workflow_containers_and_traditional:25.0.0:interim_fix_003:::::: cpe:2.3:a:ibm:business_automation_workflow_containers_and_traditional:25.0.1:::::::*
Vendors & Products		Ibm Ibm business Automation Workflow Containers And Traditional
References		https://www.ibm.com/support/pages/node/7271445

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-05-27T14:20:18.979Z

Updated: 2026-05-27T16:18:03.459Z

Reserved: 2026-01-20T18:56:22.473Z

Link: CVE-2026-1248

Vulnrichment

Updated: 2026-05-27T16:17:18.366Z

NVD

Status : Awaiting Analysis

Published: 2026-05-27T15:16:24.920

Modified: 2026-05-27T19:55:50.070

Link: CVE-2026-1248

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T22:00:18Z

Weaknesses

CWE-209

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object