CVE-2026-13449
HighCVSS 7.6Exploitation Probability (EPSS)
Low risk33th percentile — higher than 33% of all known CVEs
Summary
IBM Business Automation Manager Open Editions versions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Risk Assessment
The risk includes leakage of sensitive organizational data and potential disruption of system operations through a Denial of Service (DoS) attack on memory resources.
Recommendation
It is recommended to immediately upgrade to the latest version of IBM Business Automation Manager Open Editions that includes a fix for the XXE vulnerability. Until the update is applied, restrict access to XML processing services and implement input validation.
Original NVD description (English source)
IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

