Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration

Summary An authenticated developer user can utilize webMethods Integration Server to create a user through the scheduler service and then elevate that user to an administrator using runAsUser. This action provides elevated privileges for the developer user. webMethods Integration Server could...

CVE-2024-45075

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...

CVE-2024-45076

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system...

IBM webMethods Integration Multiple Vulnerabilities

RISK EVALUATION IBM webMethods Integration contains multiple vulnerabilities that could allow an authenticated attacker to escalate privileges within webMethods, execute arbitrary operating system commands, or read arbitrary files. 2. RECOMMENDED PRACTICES Install webMethods Integration Corefix...

IBM webMethods Integration Path Traversal Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A path traversal vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an attacker to send a specially crafted URL request containing the sequence "dot dot" /...

IBM webMethods Integration Elevation of Privilege Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. An elevation of privilege vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an authenticated attacker to create scheduler tasks that elevate their privileges...

CVE-2024-45076

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system...

CVE-2024-45074

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2024-45074

IBM webMethods Integration 10.15 contains a path traversal vulnerability (CVE-2024-45074) that can be exploited by an authenticated user to view arbitrary files via crafted URLs containing dot-dot sequences ("/../"). The issue is caused by insufficient input validation on directory traversal, ena...

CVE-2024-45075 IBM webMethods Integration privilege escalation

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...

CVE-2024-45075

IBM webMethods Integration 10.15 is affected by a privilege-escalation vulnerability where an authenticated user can create scheduler tasks to elevate privileges to administrator due to missing authentication. The issue is described in IBM’s Security Bulletin (CVE-2024-45075) and is associated wi...

CVE-2024-45075 IBM webMethods Integration privilege escalation

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...

CVE-2024-45076

CVE-2024-45076 affects IBM webMethods Integration 10.15: an authenticated user can upload and execute arbitrary files on the underlying OS. IBM Security Bulletin indicates this is a code execution path via file upload/execution and lists Corefix 14 as the remediation; update/install through Updat...