SB2026021609 - Multiple vulnerabilities in IBM Business Automation Insights




Published: February 16, 2026

Security Bulletin ID: SB2026021609
Severity: High
Patch available: YES
Number of vulnerabilities: 18
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 28%
Medium: 44%
Low: 28%

Description

This security bulletin contains information about 18 security vulnerabilities.


1) Privilege Chaining (CVE-ID: CVE-2025-36124)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists because the application fails to honor the JMS messaging configuration. A remote attacker can trigger the vulnerability to bypass security restrictions.


2) Uncontrolled Recursion (CVE-ID: CVE-2025-48924)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the ClassUtils.getClass(...) methods can throw a StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError can cause the application to stop. A remote attacker can trigger uncontrolled recursion and perform a denial of service (DoS) attack.


3) Stack-based buffer overflow (CVE-ID: CVE-2025-5222)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the SRBRoot::addTag() function in the genrb binary. A remote unauthenticated attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Cross-site scripting (CVE-ID: CVE-2025-36000)

The disclosed vulnerability allows a remote privileged user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


5) Race condition (CVE-ID: CVE-2025-40909)

The vulnerability allows a local user to tamper with application's behavior.

The vulnerability exists due to a race condition when a directory handle is open at thread creation. A local user can exploit the race and force the application to load code or access files from an unexpected location.


6) Resource exhaustion (CVE-ID: CVE-2025-23184)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources in CachedOutputStream instances, allowing the creation of an enormous number of temporary files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


7) Incorrect permission assignment for critical resource (CVE-ID: CVE-2025-12985)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists because the IBM Licensing Operator incorrectly assigns privileges to security-critical files. A local user can perform local root escalation inside a container running the IBM Licensing Operator image.


8) Path traversal (CVE-ID: CVE-2025-47273)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an input validation error when processing directory traversal sequences in package_index.py. A remote attacker can trick the victim into installing a specially crafted package and overwrite arbitrary files on the system, leading to code execution.
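As an added, defender-side example (not code from the bulletin, from IBM, or from the setuptools project), the following Python shows the containment check whose absence defines this class of bug: a candidate file name is joined to the intended download directory, resolved, and accepted only if it still lies inside that directory. The base directory and the sample file names are constructed values.

```python
"""Reject file names that would resolve outside a target directory.

Added example, not from the bulletin or the project it describes. The base
directory and the sample names below are constructed for illustration.
"""
import tempfile
from pathlib import Path, PurePosixPath

# Constructed base directory; it does not need to exist for the check to work.
BASE_DIR = str(Path(tempfile.gettempdir()) / "pkgs")


def safe_target_path(base_dir: str, name: str) -> Path:
    """Return base_dir/name, or raise ValueError if the name escapes base_dir.

    The check works on the fully resolved path, so '..' segments and symlinks
    are taken into account rather than being matched as substrings.
    """
    if not name:
        raise ValueError("empty file name")
    pure = PurePosixPath(name)
    # An absolute name would replace base_dir entirely when joined, and a
    # backslash is never part of a legitimate name on the systems targeted here.
    if pure.is_absolute() or "\\" in name:
        raise ValueError(f"rejected file name: {name!r}")
    base = Path(base_dir).resolve()
    candidate = (base / pure).resolve()
    # Path.is_relative_to needs Python 3.9 or newer. A candidate equal to the
    # base directory itself (e.g. the name ".") is not a file and is rejected.
    if candidate == base or not candidate.is_relative_to(base):
        raise ValueError(f"file name escapes base directory: {name!r}")
    return candidate


def classify(names, base_dir: str = BASE_DIR) -> dict:
    """Map each name to 'accepted' or 'rejected' under safe_target_path."""
    verdicts = {}
    for name in names:
        try:
            safe_target_path(base_dir, name)
            verdicts[name] = "accepted"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


# Constructed inputs: two ordinary names and four traversal attempts.
SAMPLE_NAMES = [
    "foo-1.0.tar.gz",
    "sub/../bar.whl",        # normalises to bar.whl, still inside base_dir
    "../../etc/passwd",
    "/etc/passwd",
    "..\\win.ini",
    "a/../../b",             # climbs one level above base_dir
]

if __name__ == "__main__":
    for name, verdict in classify(SAMPLE_NAMES).items():
        print(f"{verdict:8} {name}")
```

Resolving both sides before comparing is what makes the check robust: a substring test for ".." would miss a symlink planted inside the directory, and a test done before normalisation would miss "sub/../../x".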


9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-2727)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions. A remote user can launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers.

Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.


10) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2025-27817)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in the Apache Kafka Client. The application accepts configuration data for setting up the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". A remote attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.


11) Deserialization of Untrusted Data (CVE-ID: CVE-2025-27818)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote user can set the sasl.jaas.config property for a connector's Kafka clients to 'com.sun.security.auth.module.LdapLoginModule' through various override properties (producer.override.sasl.jaas.config, consumer.override.sasl.jaas.config, or admin.override.sasl.jaas.config). This configuration makes the server connect to an attacker-controlled LDAP server and deserialize the LDAP response, potentially leading to the execution of Java deserialization gadget chains on the Kafka Connect server.


12) Heap-based buffer overflow (CVE-ID: CVE-2019-17543)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within LZ4_write32() when performing an archiving operation with LZ4_compress_fast. A remote attacker can pass specially crafted input to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-2728)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions. A remote user can launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers.

Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with ephemeral containers.


14) Insufficient verification of data authenticity (CVE-ID: CVE-2024-34397)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.


15) Security features bypass (CVE-ID: CVE-2024-35195)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists because the session object does not verify subsequent requests after the first request is made with verify=False. A local administrator can bypass authentication.


16) Resource exhaustion (CVE-ID: CVE-2024-3651)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
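Items 2 and 16 describe the same failure mode: input of unbounded size reaching a routine whose cost grows steeply with length. The defensive pattern is to bound the input against a known protocol limit before the expensive step runs. The following Python shows that pattern for hostnames; it is an added example, not code from the bulletin or from the idna project, it uses the standard-library "idna" codec rather than the idna package, and the sample names are constructed.

```python
"""Bound a hostname's size before handing it to an IDNA encoder.

Added example, not from the bulletin or from any project it lists. The limits
are the RFC 1035 ones; the sample names are constructed for illustration.
"""
MAX_HOSTNAME = 253  # RFC 1035 total length, excluding a trailing dot
MAX_LABEL = 63      # RFC 1035 length of a single label


def encode_hostname(name: str) -> bytes:
    """Validate the raw hostname and return its IDNA (ASCII) form.

    Raises ValueError for empty, oversized or malformed names. The length
    checks run on the untransformed input, so an oversized name is rejected
    in O(n) before any per-label processing happens.
    """
    if not name:
        raise ValueError("empty hostname")
    bare = name[:-1] if name.endswith(".") else name   # accept an FQDN dot
    if len(bare) > MAX_HOSTNAME:
        raise ValueError(f"hostname too long ({len(bare)} > {MAX_HOSTNAME})")
    for label in bare.split("."):
        if not label:
            raise ValueError("empty label in hostname")
        if len(label) > MAX_LABEL:
            raise ValueError(f"label too long ({len(label)} > {MAX_LABEL})")
    # Only a bounded string reaches the encoder. The stdlib codec raises
    # UnicodeError (a ValueError subclass) for labels it cannot convert.
    encoded = bare.encode("idna")
    if len(encoded) > MAX_HOSTNAME:   # punycode can lengthen a label
        raise ValueError("hostname too long after IDNA encoding")
    return encoded


def is_valid_hostname(name: str) -> bool:
    """True if encode_hostname accepts the name, False otherwise."""
    try:
        encode_hostname(name)
        return True
    except ValueError:
        return False


# Constructed samples: ordinary names, an internationalised name, and
# oversized or malformed inputs of the kind the pre-check is meant to stop.
SAMPLES = [
    "example.com",
    "example.com.",
    "bücher.example",
    "a" * 63 + ".example",
    "a" * 64 + ".example",
    "a." * 300 + "com",
    "a..b",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        shown = sample if len(sample) < 40 else sample[:37] + "..."
        print(f"{str(is_valid_hostname(sample)):5} {shown}")
```

The same idea applies to the class-name lookup in item 2: a fully qualified Java class name has no reason to be thousands of characters long, and rejecting such input up front keeps the recursive parser from ever being reached.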


17) Use of insufficiently random values (CVE-ID: CVE-2024-52615)

The vulnerability allows a remote attacker to perform DNS spoofing attack.

The vulnerability exists because the application relies on fixed source ports for wide-area DNS queries. A remote attacker can guess the port used to initiate the DNS query and perform a spoofing attack.


18) Insecure inherited permissions (CVE-ID: CVE-2024-7143)

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to the way permissions are assigned to new tasks when RBAC is enabled. A remote user can use a specially crafted task that creates new objects. Such objects will be owned by the oldest user with model/domain-level task permissions within the application and executed with the privileges of that user.



Remediation

Install update from vendor's website.