IBM webMethods Integration 安全漏洞

IBM webMethods Integration is a hybrid enterprise iPaaS offered by International Business Machines IBM. There are security vulnerabilities in the versions of IBM webMethods Integration 10.15 up to IS10.15CoreFix2411.1 and IS11.1CoreFix8. These vulnerabilities stem from the possibility of sensitiv...

PT-2026-6557

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration Server versions 10.15 through IS 10.15 Core Fix2411.1 to IS 11.1 Core Fix8 Description IBM webMethods Integration Server may reveal sensitive user information within its server responses. Recommendations Update to a...

Security Bulletin: IBM webMethods Integration Sever is affected by CVE-2025-14150

Summary IBM webMethods Integration server could disclose sensitive user information in server responses. CVE-2025-14150 Vulnerability Details CVEID:CVE-2025-14150 DESCRIPTION: IBM webMethods Integration could disclose sensitive user information in server responses. CWE:CWE-497: Exposure of...

Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...

Security Bulletin: Multiple vulnerabilities found in IBM EntireX through the use of webMethods Integration Server.

Summary As IBM EntireX Adapter runs in the webMethods Integration Server and the webMethods Integration Server has been updated in order to address the vulnerabilities, the fix for webMethods Integration Server will need to be applied by IBM EntireX customers. Vulnerability Details...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to json-20190722.jar

Summary IBM webMethods BPM uses json-20190722.jar for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite...

Security Bulletin: IBM webMethods Integration (on prem) is affected by arbitrary code execution

Summary IBM webMethods Integration on prem uses java objects for displaying graph data CVE-2025-36072 Vulnerability Details CVEID:CVE-2025-36072 DESCRIPTION: IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to Apache Lucene

Summary IBM webMethods BPM uses Apache Lucene in designer-process-feature and metadata-core-feature for text processing and filtering purpose. Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression...

CVE-2025-36072

IBM webMethods Integration 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data...

EUVD-2025-198374

IBM webMethods Integration 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data...

CVE-2025-36072

IBM webMethods Integration 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data...

CVE-2025-36072

IBM webMethods Integration 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data...

CVE-2025-36072 IBM webMethods Integration Deserialization

IBM webMethods Integration 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data...

CVE-2025-36072

IBM webMethods Integration (on prem) is affected by CVE-2025-36072 due to deserialization of untrusted object graphs, enabling an authenticated user to execute arbitrary code. Affected versions include 10.11 through IS_10.11_Core_Fix22, 10.15 through IS_10.15_Core_Fix22, and 11.1 through IS_11.1_...

CVE-2025-36072 IBM webMethods Integration Deserialization

IBM webMethods Integration 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data...

IBM webMethods Integration 代码问题漏洞

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A code issue vulnerability exists in IBM webMethods Integration versions 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6, which stems from deserialization of...

PT-2025-47639

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration versions 10.11 through 10.11 Core Fix22 IBM webMethods Integration versions 10.15 through 10.15 Core Fix22 IBM webMethods Integration versions 11.1 through 11.1 Core Fix6 Description IBM webMethods Integration allows...

Security Bulletin: Due to the use of Apache tomcat, IBM webMethods Integration is affected by some vulnerabilities

Summary Vulnerabilities due to Apache tomcat have been addressed in IBM webMethods Integration. Vulnerability Details CVEID:CVE-2025-55754 DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log...

Security Bulletin: IBM webMethods BPM is affected by multiple vulnerabilities

Summary Vulnerabilities due to Apache tomcat have been addressed in IBM webMethods BPM. Vulnerability Details CVEID:CVE-2025-52520 DESCRIPTION: For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits...

Security Bulletin: Due to use of jetty-server IBM webMethods BPM is vulnerable to corrupted and/or inadvertent sharing of data between requests

Summary IBM webMethods BPM is using jetty-server which is affected by a known vulnerability CVE-2024-13009. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-13009 DESCRIPTION: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be...