CVE-2024-23733

High CVSS: 7.5

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.

Vendor

Product

CWE

CWE-522

Yayın Tarihi

2025-01-29 22:15:28

Güncelleme

2025-01-31 21:15:09

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-522 HIGH 2025

Referanslar

https://github.com/ekcrsm/CVE-2024-23733/tree/main