305 matches found
CVE-2025-14290
IBM webMethods Integration on prem -Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...
CVE-2025-14290 IBM webMethods Integration Sever is vulnerable to server-side request forgery
IBM webMethods Integration on prem -Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...
CVE-2025-14290 IBM webMethods Integration Sever is vulnerable to server-side request forgery
IBM webMethods Integration on prem -Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...
EUVD-2025-209934
IBM webMethods Integration on prem -Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...
CVE-2025-14290
IBM webMethods Integration Server (on premise) versions 10.15 to IS_10.15_Core_Fix2611.1 and 11.1 to IS_11.1_Core_Fix10 are affected by CVE-2025-14290, a server-side request forgery (SSRF) vulnerability in the Administration > Publishing > Add subscriber UI. An authenticated attacker could ...
CVE-2025-14290
IBM webMethods Integration on prem -Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...
PT-2026-43278
IBM webMethods Integration on prem -Integration Server 10.15 through IS 10.15 Core Fix2611.1 to IS 11.1 Core Fix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially...
Security Bulletin: Due to use angular-1.8.2.min.js , IBM webMethods Integration Server is affected by multiple vulnerabilities.
Summary Multiple vulnerabilities were addressed in IBM webMethods Integration Server by upgrading the version of the Angular framework. Vulnerability Details CVEID:CVE-2025-0716 DESCRIPTION: Improper sanitization of the value of the 'href' and 'xlink:href' attributes in 'image' SVG elements in...
EUVD-2026-12383
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution (CVE-2026-3455)
Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module mailparsr CVE-2026-3455 Vulnerability Details...
CVE-2025-13490
CVE-2025-13490 affects IBM App Connect Operator CD versions 11.3.0–11.6.0, 12.1.0–12.20.0 and 12.0 LTS 12.0.0–12.0.20, plus IBM App Connect Enterprise Certified Containers operands CD 12.0.11.2‑r1–12.0.12.5‑r1 and 13.0.1.0‑r1–13.0.6.1‑r1 (and 12.0 LTS 12.0.12‑r1–12.0.12‑r20). The vulnerability is...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality (CVE-2025-13490)
Summary When an IBM App Connect Enterprise Certified Container IntegrationRuntime or IntegrationServer is configured to report metrics to a Prometheus instance in the OpenShift cluster, the metrics are sent over an unencrypted channel. This bulletin provides patch information to address the...
HTML Injection Vulnerability in IBM webMethods Integration Server
IBM webMethods Integration Server is an application connector from International Business Machines IBM. An HTML injection vulnerability exists in IBM webMethods Integration Server version 12.0. An attacker could exploit this vulnerability to execute arbitrary Web script or HTML...
CVE-2025-14289
IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-14289
IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-14289 IBM webMethods Integration Server is vulnerable to HTML injection
IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-14289
IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
IBM webMethods Integration Server 安全漏洞
IBM webMethods Integration Server is an application connector from International Business Machines IBM. An HTML injection vulnerability exists in IBM webMethods Integration Server version 12.0. An attacker could exploit this vulnerability to execute arbitrary Web script or HTML...
PT-2026-20229
Name of the Vulnerable Software and Affected Versions IBM webMethods Integration Server version 12.0 Description The software is susceptible to HTML injection. A remote attacker could inject malicious HTML code that would be executed in the victim's web browser within the security context of the...
Security Bulletin: IBM webMethods Integration Server is vulnerable to HTML injection
Summary IBM webMethods Integration Sever is vulnerable to HTML injection in Security Claims UI. CVE-2025-14289. Vulnerability Details CVEID:CVE-2025-14289 DESCRIPTION: IBM webMethods Integration is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed...