CVE-2024-45075
IBM webMethods Integration privilege escalation
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
04 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
IBM · webMethods IntegrationWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →