Webmethods Integration
Monthly
IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CVE-2025-36049 is a security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in IBM webMethods Integration Server affecting versions 10.5, 10.7, 10.11, and 10.15, where a privileged user can escalate their privileges when the system handles external entities due to unnecessary privilege execution. With a CVSS score of 7.2 and high impact across confidentiality, integrity, and availability, this vulnerability requires administrative credentials to exploit but provides complete system compromise potential. No public confirmation of active exploitation (KEV status) or proof-of-concept availability is evident, making this a moderate-to-high priority based on the barrier to entry (privileged user requirement) despite the severe impact if exploited.
IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CVE-2025-36049 is a security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.
Privilege escalation vulnerability in IBM webMethods Integration Server affecting versions 10.5, 10.7, 10.11, and 10.15, where a privileged user can escalate their privileges when the system handles external entities due to unnecessary privilege execution. With a CVSS score of 7.2 and high impact across confidentiality, integrity, and availability, this vulnerability requires administrative credentials to exploit but provides complete system compromise potential. No public confirmation of active exploitation (KEV status) or proof-of-concept availability is evident, making this a moderate-to-high priority based on the barrier to entry (privileged user requirement) despite the severe impact if exploited.