cbcvebase.
CVE-2024-23733
published 2025-01-29

CVE-2024-23733: The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach…

Priority: P3 · 57 · high · CVSS 3.1 base score 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: available
EPSS: 2.33% (81.4th percentile)
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.

Detection & IOCs (extracted from sources)

url: /WmAdmin/,/invoke/vm.server/login
path: /WmAdmin/#/login/
  • Detect exploitation attempts by monitoring HTTP requests to the login call (the page lists /invoke/vm.server/login) where the password field is blank (empty string), regardless of the username supplied. Note that /WmAdmin/#/login/ is what the attacker loads in the browser, but everything after "#" is a URL fragment and is never transmitted to the server, so server-side logs will show only /WmAdmin/ plus the login request itself; match on the login endpoint, not on the fragment.
  • Alert on a successful HTTP response (e.g., 200 OK) to a login request with an empty password field, and on subsequent successful responses from /WmAdmin/ administration panel endpoints to the same client, which indicate the access-control bypass. Because /WmAdmin/ serves the login page to unauthenticated clients as well, correlate with the blank-password login call rather than alerting on a 200 from /WmAdmin/ alone.
  • The vulnerability affects Software AG webMethods Integration Server 10.15.0 prior to Core_Fix7; systems at Core_Fix7 or later are not affected.
  • The exploit was tested and confirmed on build 10.15.0000-0092; other sub-builds in the 10.15.0 pre-Core_Fix7 range may also be vulnerable.
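The two detection rules above, as an added example in Python (not code from this page, from the vulnerability reporter, or from Software AG). It assumes the input is a stream of HTTP transactions captured by a reverse proxy or WAF that records request bodies; the exact parameter names the real /invoke/vm.server/login handler expects are not stated on this page, so the example accepts both form-encoded and JSON bodies with a "password" (or "pwd") field, and the sample transactions are constructed. It also shows why the "#/login/" fragment cannot be matched server-side.

```python
"""Detect blank-password logins to the webMethods Integration Server admin
login endpoint and successful admin-panel access that follows them.

Added example, not from the page or from Software AG. Assumptions (labelled
below): transactions come from a proxy/WAF log that includes request bodies;
the password parameter is named "password" or "pwd"; sample data is made up.
"""
import json
from urllib.parse import parse_qs, urlparse

LOGIN_PATH = "/invoke/vm.server/login"   # login call named on the page
ADMIN_PREFIX = "/WmAdmin/"
PASSWORD_FIELDS = ("password", "pwd")    # assumed parameter names


def request_path(url):
    """Path component of a request URL. A fragment such as /WmAdmin/#/login/
    is never sent by the browser, so only '/WmAdmin/' can appear in logs."""
    return urlparse(url).path


def parse_body(content_type, body):
    """Flatten a form-encoded or JSON request body into {name: str}."""
    ct = (content_type or "").split(";")[0].strip().lower()
    if ct == "application/json":
        try:
            data = json.loads(body or "{}")
        except ValueError:
            return {}
        if not isinstance(data, dict):
            return {}
        return {k: "" if v is None else str(v) for k, v in data.items()}
    if ct == "application/x-www-form-urlencoded":
        # keep_blank_values so "password=" is seen as an empty string
        return {k: v[0] for k, v in parse_qs(body or "", keep_blank_values=True).items()}
    return {}


def blank_password_login(req):
    """True if req is a POST to the login endpoint with an empty password."""
    if req["method"] != "POST" or request_path(req["url"]) != LOGIN_PATH:
        return False
    fields = parse_body(req.get("content_type"), req.get("body"))
    for name in PASSWORD_FIELDS:
        if name in fields:
            return fields[name] == ""
    return False  # no password field at all: not the pattern described here


def detect(events):
    """Scan transactions (dicts: client, method, url, content_type, body,
    status) in order. Returns (client, kind, url) alerts:
      attempt  - blank-password login that the server rejected
      success  - blank-password login answered with 2xx
      admin_panel_after_blank_password - later 2xx from /WmAdmin/ for a
        client whose blank-password login already succeeded
    Clients whose login was rejected are not tracked further, because the
    /WmAdmin/ login page itself returns 200 to anyone."""
    alerts = []
    bypassed = set()
    for ev in events:
        client, status = ev["client"], ev["status"]
        ok = 200 <= status < 300
        if blank_password_login(ev):
            alerts.append((client, "success" if ok else "attempt", ev["url"]))
            if ok:
                bypassed.add(client)
        elif client in bypassed and ok and request_path(ev["url"]).startswith(ADMIN_PREFIX):
            alerts.append((client, "admin_panel_after_blank_password", ev["url"]))
    return alerts


# Constructed sample traffic (not real logs). Event 2 is the bypass pattern,
# event 3 the follow-on admin access, event 4 a normal login, event 5 the same
# probe against a server that rejects it (e.g. patched to Core_Fix7).
SAMPLE_EVENTS = [
    {"client": "198.51.100.7", "method": "GET", "url": "/WmAdmin/",
     "content_type": None, "body": None, "status": 200},
    {"client": "198.51.100.7", "method": "POST", "url": LOGIN_PATH,
     "content_type": "application/x-www-form-urlencoded",
     "body": "username=anything&password=", "status": 200},
    {"client": "198.51.100.7", "method": "GET", "url": "/WmAdmin/",
     "content_type": None, "body": None, "status": 200},
    {"client": "203.0.113.5", "method": "POST", "url": LOGIN_PATH,
     "content_type": "application/x-www-form-urlencoded",
     "body": "username=Administrator&password=manage", "status": 200},
    {"client": "203.0.113.9", "method": "POST", "url": LOGIN_PATH,
     "content_type": "application/json",
     "body": '{"username": "x", "password": ""}', "status": 401},
    {"client": "203.0.113.9", "method": "GET", "url": "/WmAdmin/",
     "content_type": None, "body": None, "status": 200},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert)
```

The follow-on rule deliberately fires only for clients whose blank-password login was answered 2xx; a rejected probe followed by a 200 on /WmAdmin/ is just the login page being served, which is why the rule in the text warns against alerting on /WmAdmin/ alone.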