Webmethods CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-36202	1 Ibm	1 Webmethods	2025-09-22	7.5 High
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.
CVE-2025-36037	1 Ibm	1 Webmethods	2025-09-22	5.4 Medium
IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-36049	7 Apple, Ibm, Linux and 4 more	7 Macos, Webmethods Integration, Linux Kernel and 4 more	2025-08-24	8.8 High
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
CVE-2025-36048	7 Apple, Ibm, Linux and 4 more	7 Macos, Webmethods Integration, Linux Kernel and 4 more	2025-08-24	7.2 High
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
CVE-2024-45074	2 Ibm, Softwareag	2 Webmethods Integration, Webmethods	2024-09-06	6.5 Medium
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2024-45075	2 Ibm, Softwareag	2 Webmethods Integration, Webmethods	2024-09-06	8.8 High
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
CVE-2024-45076	2 Ibm, Softwareag	2 Webmethods Integration, Webmethods	2024-09-06	9.9 Critical
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.

Page 1 of 1.