CVE-2024-45074

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
References
Link Resource
https://www.ibm.com/support/pages/node/7167245 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*

History

06 Sep 2024, 16:45

Type Values Removed Values Added
First Time Ibm
Ibm webmethods Integration
References () https://www.ibm.com/support/pages/node/7167245 - () https://www.ibm.com/support/pages/node/7167245 - Vendor Advisory
CPE cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*

05 Sep 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) IBM webMethods Integration 10.15 podría permitir que un usuario autenticado recorra directorios en el sistema. Un atacante podría enviar una solicitud de URL especialmente manipulada que contenga secuencias de "punto punto" (/../) para ver archivos arbitrarios en el sistema.

04 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-04 16:15

Updated : 2024-09-06 16:45


NVD link : CVE-2024-45074

Mitre link : CVE-2024-45074

CVE.ORG link : CVE-2024-45074


JSON object : View

Products Affected

ibm

  • webmethods_integration
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')