Security Bulletin: IBM webMethods Integration Sever is affected by server-side request forgery (SSRF)

Summary IBM webMethods Integration Sever is affected by server-side request forgery SSRF. CVE-2025-36037 Vulnerability Details CVEID:CVE-2025-36037 DESCRIPTION: IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...

CVE-2025-36037

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2025-36037

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2025-36037

creationtimestamp| type| source ---|---|--- 2025-09-22 15:47:28+00:00| seen| Telegram/Ke1hCitPyRL7KNAqnjAUN6mN51SJPuHoILaSqaKuINz-QQg...

CVE-2023-36037

creationtimestamp| type| source ---|---|--- 2025-01-08 16:14:07+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/708 2025-04-30 00:12:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13961...

CVE-2024-36037

creationtimestamp| type| source ---|---|--- 2024-05-29 13:31:00+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/10583 2024-06-03 07:26:11+00:00| seen| https://t.me/thebugbountyhunter/8755...

CVE-2024-36037

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings...

CVE-2024-36037

Zoho ManageEngine ADAudit Plus (Windows AD management tool) is affected by CVE-2024-36037 due to an insufficient access control flaw. Versions 7260 and below expose session recordings to unauthorized local agent machine users. The root cause is improper access control, enabling viewing of other u...

CVE-2024-36037 Insufficient Access Control Vulnerability

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings...

Microsoft Office 2016 Multiple Vulnerabilities (KB5002518)

This host is missing an important security update according to Microsoft KB5002518 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Security Updates for Microsoft Excel Products C2R Information Disclosure (November 2023)

The Microsoft Excel Products are missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows: - A remote code execution vulnerability. CVE-2023-36041 - A security feature bypass vulnerability. CVE-2023-36037 Note that Nessus has not tested for these issues but ha...

CVE-2023-36037

Microsoft Excel Security Feature Bypass Vulnerability...

CVE-2023-36037 Microsoft Excel Security Feature Bypass Vulnerability

...

Security Updates for Microsoft Office Products (Nov 2023) (macOS)

The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the november-14-2023 advisory. - Microsoft Excel Security Feature Bypass Vulnerability CVE-2023-36037 - Microsoft Excel Remote Code Execution Vulnerability CVE-2023-36041 ...

Security Updates for Microsoft Excel Products (November 2023)

The Microsoft Excel Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2023-36041 - A security feature bypass...

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to circumvent a security measure or execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue...

CVE-2020-36037

creationtimestamp| type| source ---|---|--- 2023-08-11 18:16:54+00:00| seen| https://t.me/cibsecurity/68351...

CVE-2020-36037

An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php...

CVE-2020-36037

An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php...

CVE-2020-36037

WUZHI CMS 4.1.0 contains a vulnerability in the ueditor setting parameter in index.php that allows remote attackers to execute arbitrary code. Root cause relates to unsafely processed input leading to code execution; CVSSv3.1 metrics show a high impact with network access, required privileges low...