Webmethods Integration
CVE-2024-45076
CRITICAL
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (us) · only source for this CVE.
CVSS VectorVendor: us
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.
AnalysisAI
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. Affected products include: Ibm Webmethods Integration.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Webmethods Integration
View allCVE-2025-36049 is a security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to es
Privilege escalation vulnerability in IBM webMethods Integration Server affecting versions 10.5, 10.7, 10.11, and 10.15,
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. Rated medium s
IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fi
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute co
IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CV
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today