CVE-2024-45075

Published: Sep 4, 2024Modified: Sep 29, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: psirt@us.ibm.com (Secondary)

Description

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.

Affected (1)

Products: Ibm: Webmethods Integration

Ibm

1 product

Webmethods Integration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Webmethods Integration	Version 10.15

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://www.ibm.com/support/pages/node/7167245

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.