Software AG · webMethods · CVE-2024-23733
**Name of the Vulnerable Software and Affected Versions**
Software AG webMethods versions 10.15.0 before Core Fix7
**Description**
The issue allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary `username` and a blank `password` to the "/WmAdmin/#/login/" API endpoint.
**Recommendations**
For Software AG webMethods versions 10.15.0 before Core Fix7, consider disabling access to the "/WmAdmin/#/login/" API endpoint until a patch is available. Restrict the use of the `username` and `password` variables in this endpoint to minimize the risk of exploitation.