8 matches found
CVE-2024-45076
CVE-2024-45076 affects IBM webMethods Integration 10.15: an authenticated user can upload and execute arbitrary files on the underlying OS. IBM Security Bulletin indicates this is a code execution path via file upload/execution and lists Corefix 14 as the remediation; update/install through Updat...
CVE-2024-45074
IBM webMethods Integration 10.15 contains a path traversal vulnerability (CVE-2024-45074) that can be exploited by an authenticated user to view arbitrary files via crafted URLs containing dot-dot sequences ("/../"). The issue is caused by insufficient input validation on directory traversal, ena...
CVE-2024-45075
IBM webMethods Integration 10.15 is affected by a privilege-escalation vulnerability where an authenticated user can create scheduler tasks to elevate privileges to administrator due to missing authentication. The issue is described in IBM’s Security Bulletin (CVE-2024-45075) and is associated wi...
CVE-2025-36049
IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15 are affected by CVE-2025-36049 due to an XML external entity (XXE) processing vulnerability in XML data handling. The underlying issue is XXE which could allow a remote authenticated attacker to execute arbitrary co...
CVE-2025-36048
CVE-2025-36048 affects IBM webMethods Integration Server (on‑prem) versions 10.5, 10.7, 10.11, and 10.15. The root cause is execution with unnecessary privileges when handling external entities, enabling a privileged user to escalate privileges. The IBM bulletin specifies affected builds and fixe...
CVE-2025-36072
IBM webMethods Integration (on prem) is affected by CVE-2025-36072 due to deserialization of untrusted object graphs, enabling an authenticated user to execute arbitrary code. Affected versions include 10.11 through IS_10.11_Core_Fix22, 10.15 through IS_10.15_Core_Fix22, and 11.1 through IS_11.1_...
CVE-2025-36037
IBM webMethods Integration Server (on‑prem) versions 10.15 and 11.1 are affected by a server‑side request forgery (SSRF) vulnerability (CVE-2025-36037). The issue allows an authenticated attacker to cause unauthorized requests from the server, potentially enabling network enumeration. Remediation...
CVE-2025-36202
IBM webMethods Integration versions 10.15 and 11.1 are affected by a vulnerability caused by improper validation of format string arguments, allowing an authenticated user with required execute services to cause command execution on the system (CWE-134). The IBM Security Bulletin notes the affect...