
IBM webMethods Integration vulnerabilities

8 known vulnerabilities affecting ibm/webmethods_integration.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 2

Vulnerabilities

CVE-2024-45076 | P2 | CRITICAL | CVSS 9.9 | v10.15 | 2024-09-04
CVE-2024-45076 [CRITICAL] CWE-434: IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.
nvd
CVE-2025-36072 | P2 | HIGH | CVSS 8.8 | v10.11, v10.15 +4 more | 2025-11-20
CVE-2025-36072 [HIGH] CWE-502: IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data.
nvd
CVE-2025-36049 | P2 | HIGH | CVSS 8.8 | v10.5, v10.7 +2 more | 2025-06-18
CVE-2025-36049 [HIGH] CWE-611: IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
nvd
CVE-2025-36202 | P3 | HIGH | CVSS 8.8 | v10.5, v11.1 +1 more | 2025-09-22
CVE-2025-36202 [HIGH] CWE-134: IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.
nvd
CVE-2024-45075 | P3 | HIGH | CVSS 8.8 | v10.15 | 2024-09-04
CVE-2024-45075 [HIGH] CWE-306: IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
nvd
CVE-2025-36048 | P3 | HIGH | CVSS 7.2 | v10.5, v10.7 +2 more | 2025-06-18
CVE-2025-36048 [HIGH] CWE-250: IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
nvd
CVE-2024-45074 | P3 | MEDIUM | CVSS 6.5 | v10.15 | 2024-09-04
CVE-2024-45074 [MEDIUM] CWE-22: IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
nvd
CVE-2025-36037 | P4 | MEDIUM | CVSS 5.4 | v10.15, v11.1 | 2025-09-22
CVE-2025-36037 [MEDIUM] CWE-918: IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
nvd