Lucene search

[email protected]NVD:CVE-2024-45074

HistorySep 04, 2024 - 4:15 p.m.

CVE-2024-45074

2024-09-0416:15:08

CWE-22

[email protected]

web.nvd.nist.gov

cve-2024-45074

ibm webmethods

directory traversal

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

19.8%

JSON

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.

Affected configurations

Nvd

Node

ibmwebmethods_integrationMatch10.15

VendorProductVersionCPE
ibmwebmethods_integration10.15cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	webmethods_integration	10.15	cpe:2.3:a:ibm:webmethods_integration:10.15:::::::*

References

www.ibm.com/support/pages/node/7167245

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

19.8%

JSON

Related for NVD:CVE-2024-45074

cve1 cvelist1 vulnrichment1 ibm1