cvebase

IBM webMethods Integration Server vulnerabilities

4 known vulnerabilities affecting ibm/webmethods_integration_server.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2025-36049 | P2 | HIGH | CVSS 8.8 | v10.5, v10.7, +2 more | 2025-06-18
CWE-611. IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
Source: nvd

CVE-2025-36048 | P3 | HIGH | CVSS 7.2 | v10.5, v10.7, +2 more | 2025-06-18
CWE-250. IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
Source: nvd

CVE-2025-14290 | P4 | MEDIUM | CVSS 5.4 | v10.15.0, v11.1.0 | 2026-05-26
CWE-918. IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other a
Source: nvd

CVE-2025-14289 | P4 | MEDIUM | CVSS 5.4 | v12.0.0, v12.0 | 2026-02-17
CWE-80. IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Source: nvd