Lucene search
K
IbmWebmethods Integration

8 matches found

CVE
CVE
added 2024/09/04 3:59 p.m.83 views

CVE-2024-45076

CVE-2024-45076 affects IBM webMethods Integration 10.15: an authenticated user can upload and execute arbitrary files on the underlying OS. IBM Security Bulletin indicates this is a code execution path via file upload/execution and lists Corefix 14 as the remediation; update/install through Updat...

9.9CVSS9.6AI score0.00547EPSS
CVE
CVE
added 2024/09/04 4:2 p.m.68 views

CVE-2024-45074

IBM webMethods Integration 10.15 contains a path traversal vulnerability (CVE-2024-45074) that can be exploited by an authenticated user to view arbitrary files via crafted URLs containing dot-dot sequences ("/../"). The issue is caused by insufficient input validation on directory traversal, ena...

6.5CVSS6.3AI score0.00481EPSS
CVE
CVE
added 2024/09/04 4:1 p.m.66 views

CVE-2024-45075

IBM webMethods Integration 10.15 is affected by a privilege-escalation vulnerability where an authenticated user can create scheduler tasks to elevate privileges to administrator due to missing authentication. The issue is described in IBM’s Security Bulletin (CVE-2024-45075) and is associated wi...

8.8CVSS8.7AI score0.00445EPSS
CVE
CVE
added 2025/06/18 4:6 p.m.40 views

CVE-2025-36049

IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15 are affected by CVE-2025-36049 due to an XML external entity (XXE) processing vulnerability in XML data handling. The underlying issue is XXE which could allow a remote authenticated attacker to execute arbitrary co...

8.8CVSS7.6AI score0.00541EPSS
CVE
CVE
added 2025/06/18 4:4 p.m.29 views

CVE-2025-36048

CVE-2025-36048 affects IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15. The root cause is execution with unnecessary privileges when handling external entities, enabling a privileged user to escalate privileges. The IBM bulletin specifies affected builds and fixe...

7.2CVSS7.2AI score0.00411EPSS
CVE
CVE
added 2025/11/20 10:9 p.m.21 views

CVE-2025-36072

IBM webMethods Integration (on prem) is affected by CVE-2025-36072 due to deserialization of untrusted object graphs, enabling an authenticated user to execute arbitrary code. Affected versions include 10.11 through IS_10.11_Core_Fix22, 10.15 through IS_10.15_Core_Fix22, and 11.1 through IS_11.1_...

8.8CVSS7.3AI score0.00376EPSS
CVE
CVE
added 2025/09/22 3:17 p.m.20 views

CVE-2025-36037

IBM webMethods Integration Server (on‑prem) versions 10.15 and 11.1 are affected by a server‑side request forgery (SSRF) vulnerability (CVE-2025-36037). The issue allows an authenticated attacker to cause unauthorized requests from the server, potentially enabling network enumeration. Remediation...

5.4CVSS6.3AI score0.00178EPSS
CVE
CVE
added 2025/09/22 3:14 p.m.16 views

CVE-2025-36202

IBM webMethods Integration versions 10.15 and 11.1 are affected by a vulnerability caused by improper validation of format string arguments, allowing an authenticated user with required execute services to cause command execution on the system (CWE-134). The IBM Security Bulletin notes the affect...

8.8CVSS6.6AI score0.00316EPSS