8.8
CVE-2025-36202
- EPSS 0.03%
- Veröffentlicht 22.09.2025 15:14:44
- Zuletzt bearbeitet 03.10.2025 19:13:00
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM webMethods Integration code execution
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Webmethods Integration Version10.5
Ibm ≫ Webmethods Integration Version11.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.09 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.