
Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration

2024-09-04 17:01:39
Source: www.ibm.com

CVSS3: 9.9
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score: 8.4 (Confidence: Low)
EPSS: 0.001 (Percentile: 19.8%)

Summary

An authenticated developer user can use webMethods Integration Server to create a user through the scheduler service and then elevate that user to an administrator using runAsUser, which gives the developer user elevated privileges. webMethods Integration Server could also allow an authenticated developer user to write an OSCommand.cnf file and then execute arbitrary commands on the server. webMethods Integration Server may additionally allow an authenticated developer to read files through /../.. path sequences, even after checkFileRead is set.

Vulnerability Details

CVEID: CVE-2024-45076
**DESCRIPTION:** IBM webMethods Integration could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.
CVSS Base score: 9.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/351740 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2024-45075
**DESCRIPTION:** IBM webMethods Integration could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
CVSS Base score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/351738 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2024-45074
**DESCRIPTION:** IBM webMethods Integration could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/351729 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s): IBM webMethods Integration
Version(s): 10.15

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now.

Download here - Install Corefix 14 of Integration Server using Update Manager

Instructions to apply the fix: <https://documentation.softwareag.com/a_installer_and_update_manager/Using_SAG_Update_Manager_for_10-5_and_later/#page/sag-update-manager-help%2Fta-checking_for_fixes_on_empower.html%23>

Workarounds and Mitigations

None

Affected configurations

Vendor: ibm
Product: webmethods_integration
Version: 10.15
CPE: cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*
