PT-2024-31419 · IBM · webMethods Integration
Matthew Galligan · Published 2024-09-04 · Updated 2024-09-09
CVE-2024-45075
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM webMethods Integration version 10.15
Description
Due to missing authentication, an authenticated user can create scheduler tasks and use them to escalate their privileges to administrator. This can lead to unauthorized access and control.
Recommendations
For IBM webMethods Integration version 10.15, consider disabling the scheduler task creation feature for authenticated users until a patch is available to prevent privilege escalation. Restrict access to the scheduler module to minimize the risk of exploitation.
Fix
Missing Authentication
Related Identifiers
Affected Products
webMethods Integration