IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Ibm
  • Integration Bus
  • Z\/os

Configuration 1 [-]

AND
cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://www.ibm.com/support/pages/node/7239003 cve-icon cve-icon
History

Mon, 25 Aug 2025 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm z\/os
CPEs cpe:2.3:a:ibm:integration_bus_for_z\/os:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
Vendors & Products Ibm integration Bus For Z\/os
Ibm z\/os

Thu, 14 Aug 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm integration Bus For Z\/os
CPEs cpe:2.3:a:ibm:integration_bus_for_z\/os:*:*:*:*:*:*:*:*
Vendors & Products Ibm integration Bus For Z\/os

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00019}

 epss

{'score': 0.00024}

Tue, 08 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 07 Jul 2025 16:30:00 +0000

Type Values Removed Values Added
Description IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.
Title IBM Integration Bus for z/OS code injection
First Time appeared Ibm
Ibm integration Bus
Weaknesses CWE-94
CPEs cpe:2.3:a:ibm:integration_bus:10.1.0.5:*:*:*:*:zos:*:*
cpe:2.3:a:ibm:integration_bus:10.1:*:*:*:*:zos:*:*
Vendors & Products Ibm
Ibm integration Bus
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-07-07T16:15:53.537Z

Updated: 2025-08-24T11:31:56.048Z

Reserved: 2025-04-15T21:16:07.862Z

Link: CVE-2025-36014

cve-icon Vulnrichment

Updated: 2025-07-08T13:49:17.976Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-07T17:15:27.890

Modified: 2025-08-25T02:19:33.600

Link: CVE-2025-36014

cve-icon Redhat

No data.