IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
Solution
IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme document.

- IS_10.5_Core_Fix29 or later
- IS_10.7_Core_Fix23 or later
- IS_10.11_Core_Fix11 or later
- IS_10.15_Core_Fix14 or later

Fixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7237146 |
Wed, 13 Aug 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Apple, Apple macos, Ibm, Ibm webmethods Integration, Linux, Linux linux Kernel, Microsoft, Microsoft windows, Novell, Novell suse Linux, Redhat, Redhat linux | |
CPEs | cpe:2.3:a:ibm:webmethods_integration:10.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:* cpe:2.3:a:ibm:webmethods_integration:10.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:webmethods_integration:10.7:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:* | |
Vendors & Products | Apple, Apple macos, Ibm, Ibm webmethods Integration, Linux, Linux linux Kernel, Microsoft, Microsoft windows, Novell, Novell suse Linux, Redhat, Redhat linux | |
Wed, 18 Jun 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Wed, 18 Jun 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. | |
Title | IBM webMethods Integration Sever XML external entity injection | |
First Time appeared | Softwareag, Softwareag webmethods | |
Weaknesses | CWE-611 | |
CPEs | cpe:2.3:a:softwareag:webmethods:10.11:*:*:*:*:*:*:* cpe:2.3:a:softwareag:webmethods:10.15:*:*:*:*:*:*:* cpe:2.3:a:softwareag:webmethods:10.5:*:*:*:*:*:*:* cpe:2.3:a:softwareag:webmethods:10.7:*:*:*:*:*:*:* | |
Vendors & Products | Softwareag, Softwareag webmethods | |
References | | |
Metrics | cvssV3_1 | |

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-08-24T11:50:08.864Z
Reserved: 2025-04-15T21:16:10.569Z
Link: CVE-2025-36049

Updated: 2025-06-18T17:48:01.506Z

Status : Analyzed
Published: 2025-06-18T16:15:27.233
Modified: 2025-08-13T14:08:53.837
Link: CVE-2025-36049
