3 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7167245 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. • https://www.ibm.com/support/pages/node/7167245 • CWE-308: Use of Single-factor Authentication •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. • https://www.ibm.com/support/pages/node/7167245 • CWE-434: Unrestricted Upload of File with Dangerous Type •