CVE-2025-36049

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

CVE-2025-36048

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

CVE-2025-36049

IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15 are affected by CVE-2025-36049 due to an XML external entity (XXE) processing vulnerability in XML data handling. The underlying issue is XXE which could allow a remote authenticated attacker to execute arbitrary co...

CVE-2025-36049 IBM webMethods Integration Sever XML external entity injection

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

CVE-2025-36049 IBM webMethods Integration Sever XML external entity injection

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands...

CVE-2025-36048 IBM webMethods Integration Sever code execution

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

CVE-2025-36048 IBM webMethods Integration Sever code execution

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...

CVE-2025-36048

CVE-2025-36048 affects IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15. The root cause is execution with unnecessary privileges when handling external entities, enabling a privileged user to escalate privileges. The IBM bulletin specifies affected builds and fixe...

Security Bulletin: IBM webMethods Integration Server is affected by vulnerable Google Guava 30.0 jar used in the GraphQL functionality

Summary Google Guava is used by IBM webMethods Integration Server as part of the GraphQL functionality. CVE-2023-2976, CVE-2020-8908. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versio...

IBM webMethods Integration 代码问题漏洞

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A code issue vulnerability exists in IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15 that stems from an XML external entity injection vulnerability that could lead to the...

PT-2025-26179 · Ibm · Webmethods Integration Server

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5, 10.7, 10.11, and 10.15 Description: The issue is related to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this to execute...

IBM webMethods Integration 安全漏洞

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A security vulnerability exists in IBM webMethods Integration versions 10.5, 10.7, 10.11, and 10.15, which stems from improper permissions when dealing with external entities, which could result in...

PT-2025-26178 · Ibm · Webmethods Integration Server

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration Server versions 10.5 through 10.15 Description: The issue allows a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges. Recommendations: For...

CVE-2024-23733

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...

CVE-2024-45074

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2023-0925

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...

CVE-2023-6578

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...

Security Bulletin: Due to use of TinyMCE 6.8.2 IBM My webMethods Server is vulnerable to cross-site scripting.

Summary TinyMCE is used by IBM My webMethods Server. CVE-2024-38357, CVE-2024-38356 Vulnerability Details CVEID:CVE-2024-38357 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the noscript elements. A remote attacker could exploit...

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Managed File Transfer 11.1 Vulnerability Details CVEID:CVE-2023-2953 DESCRIPTION: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in bermemallocx function...

Security Bulletin: Multiple Vulnerabilities in IBM webMethods B2B

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods B2B 11.1 Vulnerability Details CVEID:CVE-2015-6644 DESCRIPTION: Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted...