Lucene search
IbmCVE-2024-45074HistorySep 04, 2024 - 4:15 p.m.
CVE-2024-45074
2024-09-0416:15:08
CWE-22
ibm
web.nvd.nist.gov
23
ibm webmethods integration
directory traversal
authenticated user
url request
arbitrary files
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
19.8%
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
Affected configurations
Node
ibmwebmethods_integrationMatch10.15
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | webmethods_integration | 10.15 | cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:* |
CNA Affected
[
{
"cpes": [
"cpe:2.3:a:softwareag:webmethods:10.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "webMethods Integration",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.15"
}
]
}
]References
Related
nvd
nvd
CVE-2024-45074
2024-09-04 16:15:08
cvelist
cvelist
CVE-2024-45074 IBM webMethods Integration directory traversal
2024-09-04 16:02:16
vulnrichment
vulnrichment
CVE-2024-45074 IBM webMethods Integration directory traversal
2024-09-04 16:02:16
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration
2024-09-04 17:01:39
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
19.8%
Related for CVE-2024-45074