CVE-2024-45076

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration version 10.15

Description The issue allows an authenticated user to upload and execute arbitrary files, which could be executed on the underlying operating system. This flaw enables attackers to execute arbitrary commands, escalating privileges and accessing sensitive files. Immediate action is required to address this flaw.

Recommendations For IBM webMethods Integration version 10.15, consider disabling the file upload feature until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, limit the privileges of authenticated users to prevent arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.