IBM Integration Bus
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Integration Bus.
By the Year
In 2026 there have been 0 vulnerabilities in IBM Integration Bus. Last year, in 2025 Integration Bus had 1 security vulnerability published. Right now, Integration Bus is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 8.20 |
| 2024 | 1 | 6.50 |
| 2023 | 1 | 5.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 0.00 |
| 2018 | 1 | 0.00 |
It may take a day or so for new Integration Bus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Integration Bus Security Vulnerabilities
IBM Integration Bus 10.1.0.0-10.1.0.5 Code Injection via privileged install dir
CVE-2025-36014
8.2 - High
- July 07, 2025
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
Code Injection
IBM Integration Bus 10.1: AdminAPI DoS (FS exhaustion)
CVE-2024-22332
6.5 - Medium
- February 09, 2024
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.
Resource Exhaustion
DOS on IBM ACE/IIB Nodes (Windows) pre-11.0.0.24/12.0.10/10.1.0.1
CVE-2023-45176
5.5 - Medium
- October 14, 2023
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.
IBM App Connect V11.0.0.0 through V11.0.0.1
CVE-2018-1801
- February 04, 2019
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
IBM Integration Bus 9.0.0.0
CVE-2017-1418
- November 26, 2018
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406.
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions
CVE-2017-1126
- October 03, 2017
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting
CVE-2017-1144
- July 05, 2017
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user
CVE-2017-1207
- July 05, 2017
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Integration Bus or by IBM? Click the Watch button to subscribe.
