93 matches found
CVE-2025-36048
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...
Security Bulletin: IBM webMethods Integration Sever is affected by privilege escalation vulnerability via pub.scheduler.addOneTimeTask service
Summary IBM webMethods Integration Sever is affected by privilege escalation vulnerability via pub.scheduler.addOneTimeTask service. CVE-2025-36048 Vulnerability Details CVEID:CVE-2025-36048 DESCRIPTION: IBM webMethods Integration could allow a privileged user to escalate their privileges when...
Security Bulletin: IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML
Summary IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML. CVE-2025-36049 Vulnerability Details CVEID:CVE-2025-36049 DESCRIPTION: IBM webMethods Integration is vulnerable to an XML external entity injection XXE attack when processing XML data. A...
CVE-2025-36048
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...
CVE-2025-36049
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...
CVE-2025-36049 IBM webMethods Integration Sever XML external entity injection
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...
CVE-2025-36049
IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15 are affected by CVE-2025-36049 due to an XML external entity (XXE) processing vulnerability in XML data handling. The underlying issue is XXE which could allow a remote authenticated attacker to execute arbitrary co...
CVE-2025-36049 IBM webMethods Integration Sever XML external entity injection
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...
CVE-2025-36048
CVE-2025-36048 affects IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15. The root cause is execution with unnecessary privileges when handling external entities, enabling a privileged user to escalate privileges. The IBM bulletin specifies affected builds and fixe...
CVE-2025-36048 IBM webMethods Integration Sever code execution
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...
CVE-2025-36048 IBM webMethods Integration Sever code execution
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...
Security Bulletin: IBM webMethods Integration Server is affected by vulnerable Google Guava 30.0 jar used in the GraphQL functionality
Summary Google Guava is used by IBM webMethods Integration Server as part of the GraphQL functionality. CVE-2023-2976, CVE-2020-8908. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versio...
PT-2025-26178 · Ibm · Webmethods Integration Server
Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5 through 10.15 Description: The issue allows a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges. Recommendations: For...
IBM webMethods Integration 代码问题漏洞
IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A code issue vulnerability exists in IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15 that stems from an XML external entity injection vulnerability that could lead to the...
PT-2025-26179 · Ibm · Webmethods Integration Server
Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15 Description: The issue is related to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this to execute...
CVE-2024-45074
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer
Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Managed File Transfer 11.1 Vulnerability Details CVEID:CVE-2023-2953 DESCRIPTION: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in bermemallocx function...
Security Bulletin: Multiple Vulnerabilities in IBM webMethods B2B
Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods B2B 11.1 Vulnerability Details CVEID:CVE-2015-6644 DESCRIPTION: Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted...
Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management
Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods API Management 11.1 Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket...
Security Bulletin: Multiple Vulnerabilities in IBM webMethods Integration
Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Integration 11.1 Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to...