vendor:
WebMethods Integration Server
by:
Rasime Ekici
CVSS: 7.1 (HIGH)
CWE: 284 (Improper Access Control)
Product Name: WebMethods Integration Server
Affected Version From: 10.15.0
Affected Version To: 10.15.0092
Patch Exists: YES
Related CVE: CVE-2024-23733
CPE: a:softwareag:webmethods_integration_server:10.15.0000-0092
Metasploit:
Other Scripts:
Platforms Tested:
2024

Improper Access on Login Page in WebMethods Integration Server

The login page of the Integration Server in Software AG webMethods 10.15.0 before Core Fix7 allows remote attackers to reach the administration panel and obtain the server hostname and version information by submitting a dummy username with a blank password to the login URI. After the login request, the admin UI normally issues a request to "/admin/navigation/license", which ends the session; an attacker who intercepts the traffic and drops that request stays logged in and can read sensitive details such as the server's real hostname, its version, and the administrative API endpoints.

Mitigation:

To mitigate this vulnerability, apply Core Fix7 or a later fix provided by Software AG. Because the bypass relies on a blank password rather than a guessed one, strong passwords alone do not close it; as an additional precaution, restrict network access to the administration interface (/WmAdmin/ and the /invoke/ service endpoints) to trusted hosts.

Exploit-DB raw data:

# Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page
# Date: 25-01-2024
# Exploit Author: Rasime Ekici
# Vendor Homepage: www.softwareag.com
# Version: 10.15.0000-0092
# Tested on: 10.15.0000-0092
# CVE : CVE-2024-23733

Description:

The /WmAdmin/, /invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core Fix7 allows remote attackers to reach the administration panel, discovering server hostname and version information by sending an arbitrary username and blank password to the /WmAdmin/#/login/ URI.

Intercept the HTTP traffic, send a dummy username with a blank password on the login screen, and drop the request to "/admin/navigation/license" so that you are not logged out. You may then be able to see:
-real hostname of the installed server
-version info
-administrative api endpoints