IBM webMethods Integration Server Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in IBM webMethods Integration Server versions 10.5 prior to IS_10.5_Core_Fix28, 10.7 prior to IS_10.7_Core_Fix22, 10.11 prior to IS_10.11_Core_Fix10, and 10.15 prior to IS_10.15_Core_Fix13. This vulnerability allows a privileged user to escalate privileges when managing external entities, as the execution is carried out with unnecessary privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing users to gain elevated rights or access within the application.
Remediation
Users are advised to upgrade to IBM webMethods Integration Server versions IS_10.5_Core_Fix29, IS_10.7_Core_Fix23, IS_10.11_Core_Fix11 or IS_10.15_Core_Fix14. These fixes can be downloaded and installed via the IBM webMethods Update Manager. For more information on how to download webMethods software, refer to the IBM Support page.
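The fix levels above can be checked against an inventory with a short script. The following is an added example, not IBM's or the advisory author's code: it parses fix identifiers in the `IS_<release>_Core_Fix<n>` form used in this advisory and separates hosts inside the affected range from hosts that are past it but still below the fix level named in the remediation advice. The host names and the inventory contents are constructed, and how the installed fix level is collected from each server is left out as an assumption.

```python
import re

# Values taken from the advisory text, keyed by release line:
# (first fix outside the affected range, fix level named in the remediation).
FIX_LEVELS = {
    "10.5": (28, 29),
    "10.7": (22, 23),
    "10.11": (10, 11),
    "10.15": (13, 14),
}

# Identifier format as written in the advisory, e.g. IS_10.5_Core_Fix28.
FIX_ID = re.compile(r"^IS_(\d+\.\d+)_Core_Fix(\d+)$")


def classify(fix_id):
    """Return 'affected', 'below-recommended', 'ok', 'unlisted-release' or 'unparsed'."""
    m = FIX_ID.match(fix_id.strip())
    if not m:
        return "unparsed"  # unexpected format: check the host by hand
    release, level = m.group(1), int(m.group(2))
    if release not in FIX_LEVELS:
        return "unlisted-release"  # release line not covered by this advisory
    affected_below, recommended = FIX_LEVELS[release]
    if level < affected_below:
        return "affected"
    if level < recommended:
        return "below-recommended"
    return "ok"


def audit(inventory):
    """Map each host to its classification; anything other than 'ok' needs follow-up."""
    return {host: classify(fix_id) for host, fix_id in inventory.items()}


# Constructed sample inventory (hypothetical host names and fix levels).
SAMPLE_INVENTORY = {
    "is-prod-01": "IS_10.15_Core_Fix14",
    "is-prod-02": "IS_10.15_Core_Fix13",
    "is-test-01": "IS_10.5_Core_Fix27",
    "is-dev-01": "IS_10.11_Core_Fix9",
    "is-old-01": "IS_10.3_Core_Fix20",
    "is-dev-02": "10.7 fix 23",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:22} {status}")
```

Release lines are compared as strings, so `10.5` and `10.15` are never confused by numeric parsing.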
