PT-2025-38725 · Ibm · Webmethods Integration

Rob Maslen

Publicado

2025-09-22

Atualizado

2025-09-22

CVE-2025-36202

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration versions 10.15 and 11.1

Description An authenticated user with execute Services permissions may be able to execute commands on the system. This is due to improper validation of format string strings received from an external source.

Recommendations Apply updates to address improper validation of format string strings for IBM webMethods Integration version 10.15. Apply updates to address improper validation of format string strings for IBM webMethods Integration version 11.1.

Correção

Use of Externally-Controlled Format String

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-134

Identificadores relacionados

BDU:2025-11544

CVE-2025-36202

Produtos afetados

Webmethods Integration

PT-2025-38725 · Ibm · Webmethods Integration

CVE-2025-36202

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5