Webmethods Integration Security Vulnerabilities and Issues — Webmethods Integration CVE List

Lucene search

IbmWebmethods Integration

5 matches found

CVE•added 2024/09/04 4:15 p.m.•69 views

CVE-2024-45076

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.

9.9CVSS9.6AI score0.00225EPSS

CVE•added 2024/09/04 4:15 p.m.•55 views

CVE-2024-45074

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

6.5CVSS6.3AI score0.00243EPSS

CVE•added 2024/09/04 4:15 p.m.•50 views

CVE-2024-45075

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.

8.8CVSS8.7AI score0.00156EPSS

CVE•added 2025/06/18 4:15 p.m.•10 views

CVE-2025-36049

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.

8.8CVSS7.6AI score0.00127EPSS

CVE•added 2025/06/18 4:15 p.m.•7 views

CVE-2025-36048

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.

7.2CVSS7.2AI score0.00102EPSS