IBM webMethods Integration is a middleware platform used for integrating and orchestrating business processes. This vulnerability allows an authenticated user to execute arbitrary code on the system through deserialization of untrusted object graph data.
Affected versions: 10.11, 10.15, 11.1. If you don't recognise this software, you're probably not affected.
Upgrade to IBM webMethods Integration version 11.1_Core_Fix6 or later.
Immediate mitigations:
- Restrict network access to your webMethods Integration instance (firewall it from the public internet).
- Audit admin account activity for suspicious access patterns.
- Monitor for unauthorized token creation.