2 matches found
CVE-2025-14290
IBM webMethods Integration Server (on premise) versions 10.15 to IS_10.15_Core_Fix2611.1 and 11.1 to IS_11.1_Core_Fix10 are affected by CVE-2025-14290, a server-side request forgery (SSRF) vulnerability in the Administration > Publishing > Add subscriber UI. An authenticated attacker could ...
CVE-2025-14289
IBM webMethods Integration Server 12.0 is vulnerable to HTML injection in the Security > Claims UI (CVE-2025-14289). A remote attacker could inject malicious HTML that executes in the victim’s browser within the hosting site’s security context. Root cause: improper neutralization of script-rel...