Lucene search

93 matches found

IBM Security Bulletins
added 2025/11/12 9:50 a.m. | 7 views

Security Bulletin: Due to use of jetty-server IBM webMethods BPM is vulnerable to corrupted and/or inadvertent sharing of data between requests

Summary: IBM webMethods BPM is using jetty-server which is affected by a known vulnerability CVE-2024-13009. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details: CVEID: CVE-2024-13009 DESCRIPTION: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be...

CVSS 7.2 | AI score 6.8 | EPSS 0.00432
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/11/11 1:35 p.m. | 10 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods BPM.

Summary: Multiple vulnerabilities were addressed in IBM webMethods BPM. Vulnerability Details: CVEID: CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...

CVSS 7.5 | AI score 7.2 | EPSS 0.66365
Exploits: 6 | Affected Software: 1
IBM Security Bulletins
added 2025/11/11 1:30 p.m. | 6 views

Security Bulletin: Due to the use of Eclipse JGit, IBM webMethods Integration is affected by denial of service, and other security issues.

Summary: Eclipse JGit is used by IBM webMethods Integration in repository function. CVE-2025-4949. Vulnerability Details: CVEID: CVE-2025-4949 DESCRIPTION: In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implemen...

CVSS 6.8 | AI score 6.4 | EPSS 0.0108
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/11/06 7:8 a.m. | 3 views

Security Bulletin: Due to the use of derby IBM webMethods BPM is vulnerable to unauthorized LDAP authentication

Summary: IBM webMethods BPM is using derby which is affected by a known vulnerability CVE-2022-46337. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details: CVEID: CVE-2022-46337 DESCRIPTION: A cleverly devised username might bypass LDAP authentication check...

CVSS 9.8 | AI score 7.2 | EPSS 0.01418
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/10/22 9:15 p.m. | 17 views

Security Bulletin: IBM webMethods Integration Server is affected by server-side request forgery (SSRF)

Summary: IBM webMethods Integration Server is affected by server-side request forgery (SSRF). CVE-2025-36037. Vulnerability Details: CVEID: CVE-2025-36037 DESCRIPTION: IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send...

CVSS 5.4 | AI score 6.7 | EPSS 0.00178
Exploits: 0 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-41296

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00481
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-18657

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.5 | EPSS 0.00411
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-18661

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00541
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-30821

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.6 | EPSS 0.00178
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-41297

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.4 | EPSS 0.00445
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/09/30 10:47 a.m. | 21 views

Security Bulletin: due to the use of Apache Tomcat, IBM webMethods developer portal is affected by Multiple Vulnerabilities

Summary: Multiple vulnerabilities in Apache Tomcat have been addressed in IBM webMethods developer portal. Vulnerability Details: CVEID: CVE-2023-46589 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from...

CVSS 10 | AI score 7.5 | EPSS 0.99945
Exploits: 49 | Affected Software: 1
RedhatCVE
added 2025/09/24 3:23 p.m. | 3 views

CVE-2025-36037

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | AI score 6.7 | EPSS 0.00178
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/24 3:23 p.m. | 4 views

CVE-2025-36202

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...

CVSS 7.5 | AI score 7 | EPSS 0.00316
Exploits: 0 | References: 1
OSV
added 2025/09/22 4:15 p.m. | 2 views

CVE-2025-36037

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | AI score 5.8 | EPSS 0.00178
Exploits: 0 | References: 1
OSV
added 2025/09/22 4:15 p.m. | 2 views

CVE-2025-36202

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...

CVSS 8.8 | AI score 5.9 | EPSS 0.00316
Exploits: 0 | References: 1
NVD
added 2025/09/22 4:15 p.m. | 8 views

CVE-2025-36202

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...

CVSS 8.8 | EPSS 0.00316
Exploits: 0 | References: 1
Cvelist
added 2025/09/22 3:17 p.m. | 6 views

CVE-2025-36037 IBM webMethods Integration server-side request forgery

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | EPSS 0.00178
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/09/22 12:7 p.m. | 6 views

Security Bulletin: IBM webMethods Integration Server is affected by vulnerable lucene-suggest-8.9.0.jar

Summary: IBM webMethods Integration Server is affected by vulnerable lucene-suggest-8.9.0.jar. CWE-400. Vulnerability Details: IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this...

AI score 6.7
Exploits: 0 | Affected Software: 1
CNNVD
added 2025/09/22 12:0 a.m. | 2 views

IBM webMethods Integration format string error vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines (IBM). A Formatting String Error vulnerability exists in IBM webMethods Integration versions 10.15 and 11.1, which stems from improper validation of parameter formatting strings passed to an external source...

CVSS 8.8 | AI score 6.7 | EPSS 0.00316
Exploits: 0 | References: 1
RedhatCVE
added 2025/06/23 8:38 a.m. | 4 views

CVE-2025-36049

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

CVSS 8.8 | AI score 7.7 | EPSS 0.00541
Exploits: 0 | References: 1