Security Bulletin: IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML

Summary IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML. CVE-2025-36202 Vulnerability Details CVEID:CVE-2025-36202 DESCRIPTION: IBM webMethods Integration could allow an authenticated user with required execute Services to execute commands on...

PT-2025-38724

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration versions 10.15 and 11.1 Description The software is susceptible to a server-side request forgery SSRF condition. An authenticated attacker could potentially leverage this to dispatch unauthorized requests from the...

PT-2025-38725

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration versions 10.15 and 11.1 Description An authenticated user with execute Services permissions may be able to execute commands on the system. This is due to improper validation of format string strings received from an...

IBM webMethods Integration 代码问题漏洞

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A code issue vulnerability exists in IBM webMethods Integration versions 10.15 and 11.1 that stems from vulnerability to server-side request forgery attacks that could result in unauthorized request...

Security Bulletin: IBM webMethods Integration Sever is affected by privilege escalation vulnerability via pub.scheduler.addOneTimeTask service

Summary IBM webMethods Integration Sever is affected by privilege escalation vulnerability via pub.scheduler.addOneTimeTask service. CVE-2025-36048 Vulnerability Details CVEID:CVE-2025-36048 DESCRIPTION: IBM webMethods Integration could allow a privileged user to escalate their privileges when...

Security Bulletin: IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML

Summary IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML. CVE-2025-36049 Vulnerability Details CVEID:CVE-2025-36049 DESCRIPTION: IBM webMethods Integration is vulnerable to an XML external entity injection XXE attack when processing XML data. A...

CVE-2025-36049

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

CVE-2025-36048

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

CVE-2025-36049

IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15 are affected by CVE-2025-36049 due to an XML external entity (XXE) processing vulnerability in XML data handling. The underlying issue is XXE which could allow a remote authenticated attacker to execute arbitrary co...

CVE-2025-36049 IBM webMethods Integration Sever XML external entity injection

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

CVE-2025-36049 IBM webMethods Integration Sever XML external entity injection

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

CVE-2025-36048 IBM webMethods Integration Sever code execution

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

CVE-2025-36048 IBM webMethods Integration Sever code execution

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

CVE-2025-36048

CVE-2025-36048 affects IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15. The root cause is execution with unnecessary privileges when handling external entities, enabling a privileged user to escalate privileges. The IBM bulletin specifies affected builds and fixe...

Security Bulletin: IBM webMethods Integration Server is affected by vulnerable Google Guava 30.0 jar used in the GraphQL functionality

Summary Google Guava is used by IBM webMethods Integration Server as part of the GraphQL functionality. CVE-2023-2976, CVE-2020-8908. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versio...

PT-2025-26179 · Ibm · Webmethods Integration Server

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15 Description: The issue is related to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this to execute...

IBM webMethods Integration 安全漏洞

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A security vulnerability exists in IBM webMethods Integration versions 10.5, 10.7, 10.11, and 10.15, which stems from improper permissions when dealing with external entities, which could result in...

PT-2025-26178 · Ibm · Webmethods Integration Server

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5 through 10.15 Description: The issue allows a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges. Recommendations: For...

CVE-2024-45074

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Integration

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Integration 11.1 Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to...