
29 matches found

CVE
added 2025/06/18 4:4 p.m. · 18 views

CVE-2025-36048

CVE-2025-36048 affects IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15. The root cause is execution with unnecessary privileges when handling external entities, enabling a privileged user to escalate privileges. The IBM bulletin specifies affected builds and fixe...

CVSS 7.2 · AI score 7.2 · EPSS 0.00511
Exploits 0 · References 1 · Affected Software 1
IBM Security Bulletins
added 2025/06/18 1:49 p.m. · 7 views

Security Bulletin: IBM webMethods Integration Server is affected by vulnerable Google Guava 30.0 jar used in the GraphQL functionality

Summary Google Guava is used by IBM webMethods Integration Server as part of the GraphQL functionality. CVE-2023-2976, CVE-2020-8908. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versio...

CVSS 7.1 · AI score 6.4 · EPSS 0.00072
Exploits 1 · Affected Software 1
Positive Technologies
added 2025/06/18 12:0 a.m. · 4 views

PT-2025-26179 · Ibm · Webmethods Integration Server

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15 Description: The issue is related to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this to execute...

CVSS 8.8 · AI score 6.8 · EPSS 0.0028
Exploits 0 · References 8
Positive Technologies
added 2025/06/18 12:0 a.m. · 4 views

PT-2025-26178 · Ibm · Webmethods Integration Server

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5 through 10.15 Description: The issue allows a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges. Recommendations: For...

CVSS 7.2 · AI score 6.6 · EPSS 0.00511
Exploits 0 · References 7
Exploit DB
added 2025/04/16 12:0 a.m. · 207 views

WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page

Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page Date: 25-01-2024 Exploit Author: Rasime Ekici Vendor Homepage: www.softwareag.com Version: 10.15.0000-0092 Tested on: 10.15.0000-0092 CVE : 2024-23733 Description: The /WmAdmin/,/invoke/vm.server/login...

AI score 7.4
Exploits 0
Packet Storm
added 2025/04/16 12:0 a.m. · 114 views

WebMethods Integration Server 10.15.0.0000-0092 Access Bypass

WebMethods Integration Server version 10.15.0.0000-0092 has an issue where blank credentials can allow access to the administrative panel. Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page Date: 25-01-2024 Exploit Author: Rasime Ekici Vendor Homepage:...

CVSS 7.5 · AI score 7 · EPSS 0.18099
Exploits 1
Prion
added 2006/02/16 11:2 a.m. · 12 views

Directory traversal

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...

CVSS 6.4 · AI score 7.3 · EPSS 0.03081
Exploits 0 · References 10 · Affected Software 1
NVD
added 2006/02/16 11:2 a.m. · 8 views

CVE-2006-0732

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...

CVSS 6.4 · AI score 6.7 · EPSS 0.03081
Exploits 0 · References 10
Cvelist
added 2006/02/16 11:0 a.m. · 12 views

CVE-2006-0732

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...

AI score 6.7 · EPSS 0.03081
Exploits 0 · References 10