Ibm: >> Webmethods Integration >> 10.5 Security Vulnerabilities
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-22
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-06-18
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15
is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-06-18