
80 matches found

Exploit DB
added 2025/04/16 12:0 a.m., 206 views

WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page

Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page Date: 25-01-2024 Exploit Author: Rasime Ekici Vendor Homepage: www.softwareag.com Version: 10.15.0000-0092 Tested on: 10.15.0000-0092 CVE : 2024-23733 Description: The /WmAdmin/,/invoke/vm.server/login...

AI score: 7.4
Exploits: 0

Packet Storm
added 2025/04/16 12:0 a.m., 114 views

📄 WebMethods Integration Server 10.15.0.0000-0092 Access Bypass

WebMethods Integration Server version 10.15.0.0000-0092 has an issue where blank credentials can allow access to the administrative panel. Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page Date: 25-01-2024 Exploit Author: Rasime Ekici Vendor Homepage:...

CVSS: 7.5, AI score: 7, EPSS: 0.18099
Exploits: 1

IBM Security Bulletins
added 2025/04/15 2:55 a.m., 13 views

Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration

Summary An authenticated developer user can utilize webMethods Integration Server to create a user through the scheduler service and then elevate that user to an administrator using runAsUser. This action provides elevated privileges for the developer user. webMethods Integration Server could...

CVSS: 9.9, AI score: 8.1, EPSS: 0.00237
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/02/05 3:39 a.m., 3 views

CVE-2024-45075

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00202
Exploits: 0, References: 1

ICS
added 2024/09/10 8:8 p.m., 5 views

IBM webMethods Integration Multiple Vulnerabilities

RISK EVALUATION IBM webMethods Integration contains multiple vulnerabilities that could allow an authenticated attacker to escalate privileges within webMethods, execute arbitrary operating system commands, or read arbitrary files. 2. RECOMMENDED PRACTICES Install webMethods Integration Corefix...

CVSS: 9.9, AI score: 7.2, EPSS: 0.00237
Exploits: 0, References: 1

CNVD
added 2024/09/09 12:0 a.m., 5 views

IBM webMethods Integration Path Traversal Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A path traversal vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an attacker to send a specially crafted URL request containing the sequence "dot dot" /...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00237
Exploits: 0, References: 1

CNVD
added 2024/09/09 12:0 a.m., 4 views

IBM webMethods Integration Elevation of Privilege Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. An elevation of privilege vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an authenticated attacker to create scheduler tasks that elevate their privileges...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00202
Exploits: 0, References: 1

OSV
added 2024/09/04 4:15 p.m., 2 views

CVE-2024-45075

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00202
Exploits: 0, References: 1

OSV
added 2024/09/04 4:15 p.m., 0 views

CVE-2024-45074

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS: 6.5, AI score: 5.9
Exploits: 0, References: 1

OSV
added 2024/09/04 4:15 p.m., 0 views

CVE-2024-45076

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system...

CVSS: 9.9, AI score: 6
Exploits: 0, References: 1

CVE
added 2024/09/04 4:2 p.m., 58 views

CVE-2024-45074

IBM webMethods Integration 10.15 contains a path traversal vulnerability (CVE-2024-45074) that can be exploited by an authenticated user to view arbitrary files via crafted URLs containing dot-dot sequences ("/../"). The issue is caused by insufficient input validation on directory traversal, ena...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00237
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2024/09/04 4:1 p.m., 55 views

CVE-2024-45075

IBM webMethods Integration 10.15 is affected by a privilege-escalation vulnerability where an authenticated user can create scheduler tasks to elevate privileges to administrator due to missing authentication. The issue is described in IBM’s Security Bulletin (CVE-2024-45075) and is associated wi...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00202
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2024/09/04 12:0 a.m., 1 views

IBM webMethods Integration Path Traversal Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A path traversal vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an attacker to send a specially crafted URL request containing the sequence "dot dot" /...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00237
Exploits: 0, References: 2

CNNVD
added 2024/09/04 12:0 a.m., 1 views

IBM webMethods Integration Code Issue Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A file upload vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an authenticated attacker to upload and execute arbitrary files that can be executed on the...

CVSS: 9.9, AI score: 7.1, EPSS: 0.00192
Exploits: 0, References: 2

CNNVD
added 2024/09/04 12:0 a.m., 1 views

IBM webMethods Integration Security Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. An elevation of privilege vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an authenticated attacker to create scheduler tasks that elevate their privileges...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00202
Exploits: 0, References: 2

Positive Technologies
added 2024/09/04 12:0 a.m., 2 views

PT-2024-31419 · Ibm · Webmethods Integration

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration version 10.15 Description: The issue allows an authenticated user to create scheduler tasks, enabling them to escalate their privileges to administrator due to missing authentication. This can lead to unauthorized...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00202
Exploits: 0, References: 13

Positive Technologies
added 2024/09/04 12:0 a.m., 2 views

PT-2024-31420 · Ibm · Webmethods Integration

Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration version 10.15 Description: The issue allows an authenticated user to upload and execute arbitrary files, which could be executed on the underlying operating system. This flaw enables attackers to execute arbitrary...

CVSS: 9.9, AI score: 7.3, EPSS: 0.00192
Exploits: 0, References: 25

Prion
added 2006/02/16 11:2 a.m., 12 views

Directory traversal

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...

CVSS: 6.4, AI score: 7.3, EPSS: 0.03081
Exploits: 0, References: 10, Affected Software: 1

NVD
added 2006/02/16 11:2 a.m., 7 views

CVE-2006-0732

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...

CVSS: 6.4, AI score: 6.7, EPSS: 0.03081
Exploits: 0, References: 10

Cvelist
added 2006/02/16 11:0 a.m., 11 views

CVE-2006-0732

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended...

AI score: 6.7, EPSS: 0.03081
Exploits: 0, References: 10