Lucene search
HistorySep 04, 2024 - 4:15 p.m.
CVE-2024-45075
ibm
webmethods
integration
privilege escalation
authenticated user
scheduler tasks
missing authentication
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
Affected configurations
Node
ibmwebmethods_integrationMatch10.15
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | webmethods_integration | 10.15 | cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:* |
References
Related
cve
cve
CVE-2024-45075
2024-09-04 16:15:08
vulnrichment
vulnrichment
CVE-2024-45075 IBM webMethods Integration privilege escalation
2024-09-04 16:01:17
cvelist
cvelist
CVE-2024-45075 IBM webMethods Integration privilege escalation
2024-09-04 16:01:17
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration
2024-09-04 17:01:39
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
Related for NVD:CVE-2024-45075