206 matches found
Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management
Summary: Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods API Management 11.1. Vulnerability Details: CVEID: CVE-2024-23672. DESCRIPTION: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket...
Security Bulletin: Multiple Vulnerabilities in IBM webMethods Integration
Summary: Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Integration 11.1. Vulnerability Details: CVEID: CVE-2024-34397. DESCRIPTION: GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to...
WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page
Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page; Date: 25-01-2024; Exploit Author: Rasime Ekici; Vendor Homepage: www.softwareag.com; Version: 10.15.0000-0092; Tested on: 10.15.0000-0092; CVE: 2024-23733; Description: The /WmAdmin/,/invoke/vm.server/login...
WebMethods Integration Server 10.15.0.0000-0092 Access Bypass
WebMethods Integration Server version 10.15.0.0000-0092 has an issue where blank credentials can allow access to the administrative panel. Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page; Date: 25-01-2024; Exploit Author: Rasime Ekici; Vendor Homepage:...
Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration
Summary: An authenticated developer user can utilize webMethods Integration Server to create a user through the scheduler service and then elevate that user to an administrator using runAsUser. This action provides elevated privileges for the developer user. webMethods Integration Server could...
CVE-2024-45075
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...
CVE-2024-45076
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system...
CVE-2024-23733
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...
PT-2025-2365 · Software Ag · Webmethods
Name of the Vulnerable Software and Affected Versions: Software AG webMethods versions 10.15.0 before Core Fix7. Description: The issue allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to t...
CVE-2024-23733
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...
CVE-2024-23733
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...
CVE-2024-23733
Software AG webMethods 10.15.0 is affected by CVE-2024-23733 due to an authentication bypass on the admin login page. The vulnerability exists in the WmAdmin login endpoint (/WmAdmin/#/login/) and allows remote attackers to reach the administration panel and reveal hostname and version informatio...
Software AG webMethods Security Vulnerability
Software AG webMethods is Software AG's suite of integration and application development tools used to help organizations with tasks such as application integration, data integration, business process management, and application development. webMethods is designed to help organizations better...
IBM webMethods Integration Multiple Vulnerabilities
RISK EVALUATION: IBM webMethods Integration contains multiple vulnerabilities that could allow an authenticated attacker to escalate privileges within webMethods, execute arbitrary operating system commands, or read arbitrary files. 2. RECOMMENDED PRACTICES: Install webMethods Integration Corefix...
IBM webMethods Integration Path Traversal Vulnerability
IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines (IBM). A path traversal vulnerability exists in IBM webMethods Integration version 10.15, which an attacker can exploit by sending a specially crafted URL request containing the sequence "dot dot" /...
IBM webMethods Integration Elevation of Privilege Vulnerability
IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines (IBM). An elevation of privilege vulnerability exists in IBM webMethods Integration version 10.15, which an authenticated attacker can exploit to create scheduler tasks that elevate their privileges...
IBM webMethods Integration File Upload Vulnerability
IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines (IBM). A file upload vulnerability exists in IBM webMethods Integration version 10.15, which an authenticated attacker can exploit to upload and execute arbitrary files that can be executed on the...
CVE-2024-45075
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...
CVE-2024-45076
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system...
CVE-2024-45075
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...