CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45074 – IBM webMethods Integration directory traversal
https://notcve.org/view.php?id=CVE-2024-45074
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7167245 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45075 – IBM webMethods Integration privilege escalation
https://notcve.org/view.php?id=CVE-2024-45075
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. • https://www.ibm.com/support/pages/node/7167245 • CWE-308: Use of Single-factor Authentication •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45076 – IBM webMethods Integration code execution
https://notcve.org/view.php?id=CVE-2024-45076
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. • https://www.ibm.com/support/pages/node/7167245 • CWE-434: Unrestricted Upload of File with Dangerous Type •