CVE-2024-45074 – IBM webMethods Integration directory traversal
https://notcve.org/view.php?id=CVE-2024-45074
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7167245 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-45075 – IBM webMethods Integration privilege escalation
https://notcve.org/view.php?id=CVE-2024-45075
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. • https://www.ibm.com/support/pages/node/7167245 • CWE-308: Use of Single-factor Authentication
CVE-2024-45076 – IBM webMethods Integration code execution
https://notcve.org/view.php?id=CVE-2024-45076
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. • https://www.ibm.com/support/pages/node/7167245 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-35133 – IBM Security Verify Access HTTP open redirect
https://notcve.org/view.php?id=CVE-2024-35133
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. • https://exchange.xforce.ibmcloud.com/vulnerabilities/291026 • https://www.ibm.com/support/pages/node/7166712 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-35118 – IBM MaaS360 information disclosure
https://notcve.org/view.php?id=CVE-2024-35118
IBM MaaS360 for Android 6.31 through 8.60 is using hard-coded credentials that can be obtained by a user with physical access to the device. • https://www.ibm.com/support/pages/node/7166750 • https://exchange.xforce.ibmcloud.com/vulnerabilities/290341 • CWE-798: Use of Hard-coded Credentials