CVE-2025-36048
- EPSS 0.13%
- Published 18.06.2025 16:15:27
- Last modified 13.08.2025 14:12:38
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
CVE-2025-36049
- EPSS 0.16%
- Published 18.06.2025 16:15:27
- Last modified 13.08.2025 14:08:53
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
CVE-2024-23733
- EPSS 7.67%
- Published 29.01.2025 22:15:28
- Last modified 31.01.2025 21:15:09
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitr...
CVE-2023-6578
- EPSS 0.05%
- Published 07.12.2023 21:15:08
- Last modified 21.11.2024 08:44:08
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack r...
CVE-2023-0925
- EPSS 0.2%
- Published 06.09.2023 18:15:07
- Last modified 21.11.2024 07:38:06
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Por...