IBM WebMethods Integration Vulnerability Allows Arbitrary File Execution
CVE-2024-45076

9.9CRITICAL

Key Information:

Vendor: IBM
Status: Webmethods Integration
Vendor: CVE Published:; 4 September 2024

Summary

The vulnerability in IBM webMethods Integration 10.15 permits authenticated users to upload arbitrary files, which can subsequently be executed on the underlying operating system. This could potentially compromise system integrity, allowing adversaries to exploit the system by executing malicious code or file manipulations. Proper mitigation strategies should be employed to prevent unauthorized file uploads and enhance overall system security.

References

https://www.ibm.com/support/pages/node/7167245

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 4, 2024