Privilege Escalation Vulnerability in IBM webMethods Integration
CVE-2024-45075

8.8HIGH

Key Information:

Vendor: IBM
Status: Webmethods Integration
Vendor: CVE Published:; 4 September 2024

What is CVE-2024-45075?

The vulnerability in IBM webMethods Integration 10.15 allows an authenticated user to create scheduling tasks that can mistakenly grant them elevated privileges to administrator levels. This issue arises from inadequate authentication measures, posing a significant risk to system integrity and user access controls.

References

https://www.ibm.com/support/pages/node/7167245

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2024