IBM Webmethods Integration
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Webmethods Integration.
By the Year
In 2026 there have been 0 vulnerabilities in IBM Webmethods Integration. Last year, in 2025 Webmethods Integration had 5 security vulnerabilities published. Right now, Webmethods Integration is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 7.54 |
| 2024 | 3 | 8.40 |
It may take a day or so for new Webmethods Integration vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Webmethods Integration Security Vulnerabilities
IBM webMethods 11.1 Deserialization RCE via Untrusted Object Graphs
CVE-2025-36072
8.8 - High
- November 20, 2025
IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data.
Marshaling, Unmarshaling
IBM webMethods Integration 10.15/11.1 SSRF Vulnerability (SSRF)
CVE-2025-36037
5.4 - Medium
- September 22, 2025
IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
SSRF
IBM webMethods Integration 10.15/11.1 Exec via formatstring
CVE-2025-36202
7.5 - High
- September 22, 2025
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.
Use of Externally-Controlled Format String
XXE in IBM webMethods Integration Server 10.5-10.15 enables remote exec
CVE-2025-36049
8.8 - High
- June 18, 2025
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
XXE
IBM webMethods IS 10.5-10.15 Privilege Escalation via External Entity Handling
CVE-2025-36048
7.2 - High
- June 18, 2025
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
Execution with Unnecessary Privileges
IBM webMethods Integration 10.15 Authenticated Remote File Upload & Exec
CVE-2024-45076
9.9 - Critical
- September 04, 2024
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.
Unrestricted File Upload
IBM webMethods Integration 10.15 Auth Escalation via Scheduler Task
CVE-2024-45075
8.8 - High
- September 04, 2024
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
Missing Authentication for Critical Function
IBM WebMethods Integration 10.15 Directory Traversal (dot dot)
CVE-2024-45074
6.5 - Medium
- September 04, 2024
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Webmethods Integration or by IBM? Click the Watch button to subscribe.
