206 matches found
CVE-2024-45074
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-45074
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-45076
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system...
CVE-2024-45074 IBM webMethods Integration directory traversal
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-45074
IBM webMethods Integration 10.15 contains a path traversal vulnerability (CVE-2024-45074) that can be exploited by an authenticated user to view arbitrary files via crafted URLs containing dot-dot sequences ("/../"). The issue is caused by insufficient input validation on directory traversal, ena...
CVE-2024-45074 IBM webMethods Integration directory traversal
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-45075
IBM webMethods Integration 10.15 is affected by a privilege-escalation vulnerability where an authenticated user can create scheduler tasks to elevate privileges to administrator due to missing authentication. The issue is described in IBM’s Security Bulletin (CVE-2024-45075) and is associated wi...
CVE-2024-45075 IBM webMethods Integration privilege escalation
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...
CVE-2024-45075 IBM webMethods Integration privilege escalation
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...
CVE-2024-45076 IBM webMethods Integration code execution
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system...
CVE-2024-45076 IBM webMethods Integration code execution
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system...
CVE-2024-45076
CVE-2024-45076 affects IBM webMethods Integration 10.15: an authenticated user can upload and execute arbitrary files on the underlying OS. IBM Security Bulletin indicates this is a code execution path via file upload/execution and lists Corefix 14 as the remediation; update/install through Updat...
IBM webMethods Integration 路径遍历漏洞
IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A path traversal vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an attacker to send a specially crafted URL request containing the sequence "dot dot" /...
IBM webMethods Integration 代码问题漏洞
IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. A file upload vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an authenticated attacker to upload and execute arbitrary files that can be executed on the...
IBM webMethods Integration 安全漏洞
IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. An elevation of privilege vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an authenticated attacker to create scheduler tasks that elevate their privileges...
PT-2024-31419 · Ibm · Webmethods Integration
Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration version 10.15 Description: The issue allows an authenticated user to create scheduler tasks, enabling them to escalate their privileges to administrator due to missing authentication. This can lead to unauthorized...
PT-2024-31420 · Ibm · Webmethods Integration
Name of the Vulnerable Software and Affected Versions: IBM webMethods Integration version 10.15 Description: The issue allows an authenticated user to upload and execute arbitrary files, which could be executed on the underlying operating system. This flaw enables attackers to execute arbitrary...
CVE-2023-6578
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...
CVE-2023-6578
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...
Improper access control
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup...