CVE Catalog

CVE-2026-13449

HighCVSS 7.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile — higher than 33% of all known CVEs

Summary

IBM Business Automation Manager Open Editions versions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Risk Assessment

The risk includes leakage of sensitive organizational data and potential disruption of system operations through a Denial of Service (DoS) attack on memory resources.

Recommendation

It is recommended to immediately upgrade to the latest version of IBM Business Automation Manager Open Editions that includes a fix for the XXE vulnerability. Until the update is applied, restrict access to XML processing services and implement input validation.

Original NVD description (English source)

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS