Skip to main content

Integration Bus CVE-2025-36014

| EUVDEUVD-2025-20269 HIGH
Code Injection (CWE-94)
2025-07-07 psirt@us.ibm.com
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 03:37 euvd
EUVD-2025-20269
Analysis Generated
Mar 16, 2026 - 03:37 vuln.today
CVE Published
Jul 07, 2025 - 17:15 nvd
HIGH 8.2

DescriptionCVE.org

IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

Analysis

IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

Technical ContextAI

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Code Injection (CWE-94).

RemediationAI

Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.

CVE-2016-9706 CRITICAL
9.1 Feb 15

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by

CVE-2017-1694 HIGH
8.1 Dec 20

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker usin

CVE-2024-27265 MEDIUM
6.5 Mar 14

IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an atta

CVE-2024-22332 MEDIUM
6.5 Feb 09

The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system

CVE-2016-9010 MEDIUM
6.1 Feb 15

IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. Rat

CVE-2016-8918 MEDIUM
5.9 Feb 01

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid

CVE-2017-1207 MEDIUM
5.5 Jul 05

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. Rated med

CVE-2023-45176 MEDIUM
5.5 Oct 14

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 1

CVE-2015-7399 MEDIUM
5.3 Jan 11

IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 befor

CVE-2017-1126 MEDIUM
5.3 Oct 04

IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive inf

CVE-2016-2961 MEDIUM
5.3 Jul 02

The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 bef

CVE-2014-6170 MEDIUM
5.0 Feb 02

The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0

Share

CVE-2025-36014 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy