8.8

CVE-2025-36049

IBM webMethods Integration Sever XML external entity injection

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 

is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebmethods Integration Version10.5
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   NovellSuse Linux Version-
   RedhatLinux Version-
IbmWebmethods Integration Version10.7
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   NovellSuse Linux Version-
   RedhatLinux Version-
IbmWebmethods Integration Version10.11
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   NovellSuse Linux Version-
   RedhatLinux Version-
IbmWebmethods Integration Version10.15
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   NovellSuse Linux Version-
   RedhatLinux Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.513
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@us.ibm.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.