Skip to main content

Integration Bus

20 CVEs product

Monthly

CVE-2025-36014 HIGH This Week

IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

RCE Code Injection IBM Integration Bus
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2024-22356 MEDIUM PATCH This Month

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Integration Bus App Connect Enterprise
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-27265 MEDIUM PATCH This Month

IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Integration Bus
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-22332 MEDIUM This Month

The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Integration Bus
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-45176 MEDIUM PATCH This Month

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft IBM App Connect Enterprise Integration Bus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-1694 HIGH This Week

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Integration Bus
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2017-1126 MEDIUM PATCH This Month

IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1144 LOW Monitor

IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 3.0
2.5
EPSS
0.1%
CVE-2017-1207 MEDIUM This Month

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-9706 CRITICAL PATCH Act Now

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Integration Bus Websphere Message Broker
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2016-9010 MEDIUM PATCH This Month

IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-8918 MEDIUM PATCH This Month

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Authentication Bypass Integration Bus
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-0394 LOW PATCH Monitor

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-2961 MEDIUM This Month

The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Tomcat Information Disclosure Java Integration Bus +1
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-7399 MEDIUM This Month

IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2015-5011 LOW PATCH Monitor

IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Websphere Message Broker Integration Bus
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2015-2018 LOW PATCH Monitor

IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-0118 MEDIUM This Month

IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6170 MEDIUM This Month

The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Integration Bus Websphere Message Broker
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4819 MEDIUM This Month

The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 2.0
4.0
EPSS
0.3%
EPSS 0% CVSS 8.2
HIGH This Week

IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

RCE Code Injection IBM +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Integration Bus
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Integration Bus
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft IBM +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Integration Bus
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 0% CVSS 2.5
LOW Monitor

IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. Rated low severity (CVSS 2.5). No vendor patch available.

IBM Information Disclosure Websphere Message Broker +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Message Broker +1
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +2
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Authentication Bypass Integration Bus
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Tomcat Information Disclosure +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 0% CVSS 3.2
LOW PATCH Monitor

IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Websphere Message Broker +1
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Message Broker +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Integration Bus +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Message Broker +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy