Lucene search
K

93 matches found

RedhatCVE
RedhatCVE
added 2025/06/23 8:38 a.m.8 views

CVE-2025-36048

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

7.2CVSS7.2AI score0.00411EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/18 4:36 p.m.5 views

Security Bulletin: IBM webMethods Integration Sever is affected by privilege escalation vulnerability via pub.scheduler.addOneTimeTask service

Summary IBM webMethods Integration Sever is affected by privilege escalation vulnerability via pub.scheduler.addOneTimeTask service. CVE-2025-36048 Vulnerability Details CVEID:CVE-2025-36048 DESCRIPTION: IBM webMethods Integration could allow a privileged user to escalate their privileges when...

7.2CVSS7.5AI score0.00411EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/18 4:35 p.m.6 views

Security Bulletin: IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML

Summary IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML. CVE-2025-36049 Vulnerability Details CVEID:CVE-2025-36049 DESCRIPTION: IBM webMethods Integration is vulnerable to an XML external entity injection XXE attack when processing XML data. A...

8.8CVSS8.2AI score0.00541EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/06/18 4:15 p.m.5 views

CVE-2025-36048

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

7.2CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added 2025/06/18 4:15 p.m.14 views

CVE-2025-36049

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

8.8CVSS0.00541EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/18 4:6 p.m.5 views

CVE-2025-36049 IBM webMethods Integration Sever XML external entity injection

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

8.8CVSS8.8AI score0.00541EPSS
Exploits0References1
CVE
CVE
added 2025/06/18 4:6 p.m.40 views

CVE-2025-36049

IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15 are affected by CVE-2025-36049 due to an XML external entity (XXE) processing vulnerability in XML data handling. The underlying issue is XXE which could allow a remote authenticated attacker to execute arbitrary co...

8.8CVSS7.6AI score0.00541EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/18 4:6 p.m.11 views

CVE-2025-36049 IBM webMethods Integration Sever XML external entity injection

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

8.8CVSS0.00541EPSS
Exploits0References1
CVE
CVE
added 2025/06/18 4:4 p.m.28 views

CVE-2025-36048

CVE-2025-36048 affects IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15. The root cause is execution with unnecessary privileges when handling external entities, enabling a privileged user to escalate privileges. The IBM bulletin specifies affected builds and fixe...

7.2CVSS7.2AI score0.00411EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/18 4:4 p.m.10 views

CVE-2025-36048 IBM webMethods Integration Sever code execution

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

7.2CVSS0.00411EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/18 4:4 p.m.5 views

CVE-2025-36048 IBM webMethods Integration Sever code execution

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

7.2CVSS7AI score0.00411EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/18 1:49 p.m.9 views

Security Bulletin: IBM webMethods Integration Server is affected by vulnerable Google Guava 30.0 jar used in the GraphQL functionality

Summary Google Guava is used by IBM webMethods Integration Server as part of the GraphQL functionality. CVE-2023-2976, CVE-2020-8908. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versio...

7.1CVSS6.4AI score0.00964EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.6 views

PT-2025-26178 · Ibm · Webmethods Integration Server

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5 through 10.15 Description: The issue allows a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges. Recommendations: For...

7.2CVSS6.6AI score0.00411EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/06/18 12:0 a.m.2 views

IBM webMethods Integration 代码问题漏洞

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A code issue vulnerability exists in IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15 that stems from an XML external entity injection vulnerability that could lead to the...

8.8CVSS7.3AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.6 views

PT-2025-26179 · Ibm · Webmethods Integration Server

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15 Description: The issue is related to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this to execute...

8.8CVSS6.8AI score0.00541EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 7:37 a.m.7 views

CVE-2024-45074

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

6.5CVSS6.5AI score0.00481EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 10:53 a.m.50 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Managed File Transfer 11.1 Vulnerability Details CVEID:CVE-2023-2953 DESCRIPTION: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in bermemallocx function...

7.5CVSS10AI score0.99999EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 10:49 a.m.48 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods B2B

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods B2B 11.1 Vulnerability Details CVEID:CVE-2015-6644 DESCRIPTION: Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted...

7.5CVSS10AI score0.08878EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 10:44 a.m.49 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods API Management 11.1 Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket...

8.8CVSS10AI score0.03005EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 9:44 a.m.63 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Integration

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Integration 11.1 Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to...

9.1CVSS9.2AI score0.54026EPSS
Exploits5Affected Software1
Rows per page
Query Builder