cvelist | Ibm | CVELIST:CVE-2024-45074
Sep 04, 2024 - 4:02 p.m.

CVE-2024-45074 IBM webMethods Integration directory traversal

2024-09-04 16:02:16
CWE-22
ibm
www.cve.org
Tags: ibm, webmethods, directory traversal, vulnerability, authenticated user, url request, arbitrary files

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 19.8%

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:softwareag:webmethods:10.15:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "webMethods Integration",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.15"
      }
    ]
  }
]
