Microsoft: Security Vulnerabilities
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4
is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-18
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-06-18
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15
is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-06-18
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-06-18
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.
CVSS Score
9.8
EPSS Score
0.011
Published
2025-06-17
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVSS Score
8.8
EPSS Score
0.009
Published
2025-06-17
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-06-17
An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-17
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.
CVSS Score
9.8
EPSS Score
0.008
Published
2025-06-17
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVSS Score
7.7
EPSS Score
0.0
Published
2025-06-17