CVE-2025-36202
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | webMethods Integration | 10.15 | affected |
| IBM | webMethods Integration | 11.1 | affected |
Weaknesses
- CWE-134: CWE-134 Use of Externally-Controlled Format String
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.