PT-2026-42763

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

EUVD-2023-58802

Malicious code in bioql PyPI...

CVE-2024-23733

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...

CVE-2023-6578

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...

CVE-2020-35469

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password...

CVE-2024-23733

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...

PT-2025-2365 · Software Ag · Webmethods

Name of the Vulnerable Software and Affected Versions: Software AG webMethods versions 10.15.0 before Core Fix7 Description: The issue allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to t...

CVE-2024-23733

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...

CVE-2024-23733

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...

CVE-2024-23733

Software AG webMethods 10.15.0 is affected by CVE-2024-23733 due to an authentication bypass on the admin login page. The vulnerability exists in the WmAdmin login endpoint (/WmAdmin/#/login/) and allows remote attackers to reach the administration panel and reveal hostname and version informatio...

Software AG webMethods 安全漏洞

Software AG webMethods is Software AG's suite of integration and application development tools used to help organizations with tasks such as application integration, data integration, business process management, and application development. webMethods is designed to help organizations better...

ARIS: Business Process Management 10.0.21.0 Cross Site Scripting

Exploit Title: Stored Cross-Site Scripting XSS in ARIS: Business Process Management Edition Version 10.0.21.0 Exploit Author: Seid Yassin Date: 2024-03-28 Vendor: Software AG Software Link: https://aris.com/ Version: ARIS: Business Process Management Description: Discovered a file upload feature...

CVE-2023-6578

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...

CVE-2023-6578

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...

Improper access control

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...

CVE-2023-6578

Summary (CVE-2023-6578) : Software AG WebMethods versions 10.11.x–10.15.x are affected by an access-control vulnerability in the wm.server/connect/ area. The issue allows remote access by manipulating access controls, potentially exposing internal IPs, ports, and versions when visiting /invoke/wm...

CVE-2023-6578 Software AG WebMethods access control

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...

Software AG webMethods Access Control Error Vulnerability

Software AG webMethods is Software AG's suite of integration and application development tools used to help organizations with tasks such as application integration, data integration, business process management, and application development. webMethods is designed to help organizations better...

CVE-2023-0925 Software AG webMethods OneData Deserialization Vulnerability

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...

Software AG webMethods 代码问题漏洞

Software AG webMethods is Software AG's suite of integration and application development tools used to help organizations with tasks such as application integration, data integration, business process management, and application development. webMethods is designed to help organizations better...