exploitDog

CVE-2024-23733

Опубликовано: 29 янв. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.

Ссылки

https://github.com/ekcrsm/CVE-2024-23733/tree/main

EPSS

Процентиль: 92%

0.09167

Низкий

7.5 High

CVSS3

Дефекты

CWE-522

Связанные уязвимости

GHSA-vxf4-hr69-67w5

CVSS3: 7.5

github

около 1 года назад

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.

EPSS

Процентиль: 92%

0.09167

Низкий

7.5 High

CVSS3

Дефекты

CWE-522