This page lists publicly disclosed CVE vulnerabilities affecting ibm integration_bus (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-36014 | IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory. | [email protected] | 8.2 | 0.08% | 2025-07-07 | 2025-08-25 |
| CVE-2024-22356 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893. | [email protected] | 4.9 | 0.06% | 2024-03-26 | 2025-01-28 |
| CVE-2024-27265 | IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. | [email protected] | 4.5 | 0.04% | 2024-03-14 | 2024-11-21 |
| CVE-2024-22332 | The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. | [email protected] | 6.5 | 0.06% | 2024-02-09 | 2024-11-21 |
| CVE-2023-45176 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. | [email protected] | 6.2 | 0.04% | 2023-10-14 | 2024-11-21 |
| CVE-2018-1801 | IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639. | [email protected] | 5.3 | 0.27% | 2019-02-04 | 2024-11-21 |
| CVE-2017-1418 | IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. | [email protected] | 4.0 | 0.04% | 2018-11-26 | 2024-11-21 |
| CVE-2017-1693 | IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164. | [email protected] | 5.6 | 0.29% | 2018-01-19 | 2024-11-21 |
| CVE-2017-1694 | IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. | [email protected] | 8.1 | 0.14% | 2017-12-20 | 2026-05-13 |
| CVE-2017-1126 | IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. | [email protected] | 5.3 | 0.19% | 2017-10-04 | 2026-05-13 |
| CVE-2017-1144 | IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. | [email protected] | 2.5 | 0.06% | 2017-07-05 | 2026-05-13 |
| CVE-2017-1207 | IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. | [email protected] | 5.5 | 0.05% | 2017-07-05 | 2026-05-13 |
| CVE-2016-9706 | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. | [email protected] | 9.1 | 0.39% | 2017-02-15 | 2026-05-13 |
| CVE-2016-9010 | IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. | [email protected] | 6.1 | 0.19% | 2017-02-15 | 2026-05-13 |
| CVE-2016-8918 | IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | [email protected] | 5.9 | 0.19% | 2017-02-01 | 2026-05-13 |
| CVE-2016-0394 | IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | [email protected] | 3.3 | 0.05% | 2017-02-01 | 2026-05-13 |
| CVE-2016-2961 | The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace. | [email protected] | 5.3 | 0.15% | 2016-07-02 | 2026-05-06 |
| CVE-2015-7399 | IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors. | [email protected] | 5.3 | 0.38% | 2016-01-11 | 2026-05-06 |
| CVE-2015-5011 | IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | [email protected] | 3.2 | 0.12% | 2015-10-26 | 2026-05-06 |
| CVE-2015-2018 | IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | [email protected] | 3.5 | 0.15% | 2015-08-23 | 2026-05-06 |