
Rob Maslen

#16804 of 53,632
16 Total CVSS
Vulnerabilities · 2
High: 2
PT-2025-38725
8.8
2025-09-22
IBM · webMethods Integration · CVE-2025-36202

**Name of the Vulnerable Software and Affected Versions**
IBM webMethods Integration versions 10.15 and 11.1

**Description**
An authenticated user with execute Services permissions may be able to execute commands on the system. This is due to improper validation of format strings received from an external source.

**Recommendations**
Apply updates to address improper validation of format strings for IBM webMethods Integration version 10.15.
Apply updates to address improper validation of format strings for IBM webMethods Integration version 11.1.
PT-2025-26178
7.2
2025-06-18
IBM · webMethods Integration Server · CVE-2025-36048

**Name of the Vulnerable Software and Affected Versions**
IBM webMethods Integration Server versions 10.5 through 10.15

**Description**
The issue allows a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.

**Recommendations**
For versions 10.5 through 10.15, consider restricting the handling of external entities to necessary privileges only, until a proper fix is available. As a temporary workaround, consider disabling the execution of external entities with elevated privileges to minimize the risk of exploitation.