CVE-2025-36014Code Injection in IBM Integration BUS

CWE-94Code Injection3 documents3 sources
Severity
6.7MEDIUMNVD
CNA8.2
EPSS
0.0%
top 93.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Integration BUS
Timeline
PublishedJul 7

Description

IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/integration_bus10.1.0.010.1.0.5
NVDibm/integration_bus10.1.0.010.1.0.5

🔴Vulnerability Details

2
GHSA
GHSA-89jh-qm88-qp3c: IBM Integration Bus for z/OS 102025-07-07
CVEList
IBM Integration Bus for z/OS code injection2025-07-07
CVE-2025-36014 — Code Injection in IBM Integration BUS | cvebase