CVE-2024-23733
Published: 2025-01-29
Priority: P3 · 57 · Severity: high · CVSS 3.1 base score: 7.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT · EPSS: 2.33% (81.4th percentile)
The /WmAdmin/ and /invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI. The CVSS vector above (C:H, I:N, A:N) reflects that the documented impact is information disclosure, not administrative control of the server.
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring HTTP requests to /WmAdmin/ or /invoke/vm.server/login where the password field is blank (empty string), regardless of the username value supplied. Note that the "#/login/" part of /WmAdmin/#/login/ is a URI fragment, which browsers never send to the server; the request that actually reaches the Integration Server is the login invocation, so match on that path (and on the credential fields, which requires a proxy or WAF that logs request bodies, since a plain access log will not show the password field).
- Alert on successful HTTP responses (e.g., 200 OK) from /WmAdmin/ administration panel endpoints following a login request with an empty password field from the same client, indicating an improper access control bypass.
- The vulnerability is present in Software AG webMethods Integration Server version 10.15.0 prior to Core_Fix7. Systems patched to Core_Fix7 or later are not affected.
- The exploit was specifically tested and confirmed on build 10.15.0000-0092; other sub-builds within the 10.15.0 pre-Core_Fix7 range may also be vulnerable.
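The two detection bullets above, worked into a small correlation script. This is an added example, not code from the page, from Software AG, or from any vendor detection rule. It assumes a reverse proxy or WAF in front of the Integration Server that emits one JSON record per request including the submitted form field names (the Integration Server's own access log does not record request bodies); the record format and every sample log line below are constructed for the example. The login path and the /WmAdmin/ prefix are taken from the advisory; treating a whitespace-only password as blank is this example's own choice.

```python
"""Flag blank-password logins against webMethods Integration Server and
correlate them with subsequent admin-panel responses (CVE-2024-23733).

Added example; the JSON-lines log format is an ASSUMED proxy/WAF format,
not something the Integration Server produces itself.
"""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# The browser never transmits the "#/login/" fragment of /WmAdmin/#/login/,
# so the server-side request to match is the login invocation itself.
LOGIN_PATH_RE = re.compile(r"^/invoke/vm\.server/login(?:/|$|\?)", re.I)
# Any response under the admin panel root after a blank-password login.
# Assumption: the SPA shell may be served with 200 to unauthenticated
# clients too, so in production tune this to the authenticated API calls.
ADMIN_PATH_RE = re.compile(r"^/WmAdmin(?:/|$)", re.I)

CORRELATION_WINDOW = timedelta(seconds=60)


@dataclass
class Finding:
    src_ip: str
    username: str
    login_time: datetime
    followed_by_admin_200: bool


def parse_record(line: str) -> dict:
    """One constructed JSON record per request; 'ts' is ISO-8601."""
    rec = json.loads(line)
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def is_blank_password_login(rec: dict) -> bool:
    """True for a POST to the login handler whose password field is empty.

    The username is deliberately ignored: the advisory says any username
    works. Whitespace-only passwords count as blank here (an assumption of
    this example, not a statement from the advisory).
    """
    if rec.get("method", "").upper() != "POST":
        return False
    if not LOGIN_PATH_RE.match(rec.get("path", "")):
        return False
    fields = rec.get("form", {})
    if "password" not in fields:
        return False
    return fields["password"].strip() == ""


def detect(lines):
    """Return one Finding per blank-password login, marking whether the same
    source IP then received a 200 from a /WmAdmin/ path within the window."""
    records = sorted(
        (parse_record(l) for l in lines if l.strip()), key=lambda r: r["ts"]
    )
    findings = []
    for i, rec in enumerate(records):
        if not is_blank_password_login(rec):
            continue
        deadline = rec["ts"] + CORRELATION_WINDOW
        followed = any(
            r["src_ip"] == rec["src_ip"]
            and r["status"] == 200
            and ADMIN_PATH_RE.match(r["path"])
            and rec["ts"] < r["ts"] <= deadline
            for r in records[i + 1:]
        )
        findings.append(
            Finding(rec["src_ip"], rec["form"].get("username", ""), rec["ts"], followed)
        )
    return findings


# Constructed sample traffic: one bypass attempt that reaches the panel, one
# normal failed login, one blank username (not the CVE pattern), and one
# whitespace-only password that gets no admin response afterwards.
SAMPLE_LOG = """
{"ts": "2025-01-29T10:00:00", "src_ip": "203.0.113.5", "method": "GET", "path": "/WmAdmin/", "status": 200, "form": {}}
{"ts": "2025-01-29T10:00:01", "src_ip": "203.0.113.5", "method": "POST", "path": "/invoke/vm.server/login", "status": 200, "form": {"username": "whatever", "password": ""}}
{"ts": "2025-01-29T10:00:03", "src_ip": "203.0.113.5", "method": "GET", "path": "/WmAdmin/", "status": 200, "form": {}}
{"ts": "2025-01-29T10:05:00", "src_ip": "198.51.100.7", "method": "POST", "path": "/invoke/vm.server/login", "status": 401, "form": {"username": "Administrator", "password": "s3cret"}}
{"ts": "2025-01-29T10:06:00", "src_ip": "198.51.100.8", "method": "POST", "path": "/invoke/vm.server/login", "status": 401, "form": {"username": "", "password": "x"}}
{"ts": "2025-01-29T10:07:00", "src_ip": "192.0.2.9", "method": "POST", "path": "/invoke/vm.server/login", "status": 401, "form": {"username": "bob", "password": "   "}}
"""

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG.strip().splitlines()):
        print(f)
```

Run against the sample, the script reports two findings: the 203.0.113.5 login (blank password, followed by a 200 from /WmAdmin/) and the 192.0.2.9 login (whitespace-only password, no admin response within the window). The blank-username request from 198.51.100.8 is not flagged, because the advisory's pattern is an empty password, not an empty username.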
No detection rules found.
No writeups or analysis indexed.