va-24-254-01
Vulnerability from csaf_cisa
Published
2024-09-10 20:08
Modified
2024-09-10 20:08
Summary
IBM webMethods Integration Multiple Vulnerabilities

Notes

Risk Evaluation
IBM webMethods Integration contains multiple vulnerabilities that could allow an authenticated attacker to escalate privileges within webMethods, execute arbitrary operating system commands, or read arbitrary files.
Legal Notice
All information products included in https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Countries and Areas Deployed
Worldwide
Recommended Practices
Install webMethods Integration Corefix 14 as described in https://www.ibm.com/support/pages/node/7167245
Company Headquarters Location
United States
Critical Infrastructure Sectors
Information Technology


To clipboard 

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "IBM webMethods Integration contains multiple vulnerabilities that could allow an authenticated attacker to escalate privileges within webMethods, execute arbitrary operating system commands, or read arbitrary files.",
        "title": "Risk Evaluation"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries and Areas Deployed"
      },
      {
        "category": "general",
        "text": "Install webMethods Integration Corefix 14 as described in https://www.ibm.com/support/pages/node/7167245",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company Headquarters Location"
      },
      {
        "category": "other",
        "text": "Information Technology",
        "title": "Critical Infrastructure Sectors"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "https://www.cisa.gov/report",
      "issuing_authority": "CISA",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Vulnerability Advisory VA-24-254-01 CSAF",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-01.json"
      }
    ],
    "title": "IBM webMethods Integration Multiple Vulnerabilities",
    "tracking": {
      "current_release_date": "2024-09-10T20:08:00Z",
      "generator": {
        "date": "2024-11-27T04:03:47Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.15"
        }
      },
      "id": "VA-24-254-01",
      "initial_release_date": "2024-09-10T20:08:00Z",
      "revision_history": [
        {
          "date": "2024-09-10T20:08:00Z",
          "number": "1.0.0",
          "summary": "Initial publication"
        },
        {
          "date": "2024-11-14T01:00:00Z",
          "number": "1.0.1",
          "summary": "Fix acknowledgments, section headings"
        }
      ],
      "status": "final",
      "version": "1.0.1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10.15",
                "product": {
                  "name": "IBM webMethods Integration 10.15",
                  "product_id": "CSAFPID-0001"
                }
              },
              {
                "category": "product_version",
                "name": "Corefix 14",
                "product": {
                  "name": "IBM webMethods Integration Corefix 14",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "webMethods Integration"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Matthew Galligan"
          ],
          "organization": "CISA Rapid Action Force"
        }
      ],
      "cve": "CVE-2024-45075",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.",
          "title": "Description"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:P/A:N/T:T/2024-09-10T17:02:15Z/",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002"
        ],
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.ibm.com",
          "url": "https://www.ibm.com/support/pages/node/7167245"
        }
      ],
      "release_date": "2024-09-04T16:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install Corefix 14",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.ibm.com/support/pages/node/7167245"
        },
        {
          "category": "vendor_fix",
          "details": "Install Corefix 14",
          "product_ids": [
            "CSAFPID-0002"
          ],
          "url": "https://www.ibm.com/support/pages/node/7167245"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "IBM webMethods Integration allows privilege escalation via scheduled task using runAsUser"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Matthew Galligan"
          ],
          "organization": "CISA Rapid Action Force"
        }
      ],
      "cve": "CVE-2024-45076",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "summary",
          "text": "IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.",
          "title": "Description"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:P/A:N/T:T/2024-09-18T19:03:10Z/",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002"
        ],
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.ibm.com",
          "url": "https://www.ibm.com/support/pages/node/7167245"
        }
      ],
      "release_date": "2024-09-04T16:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install Corefix 14",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.ibm.com/support/pages/node/7167245"
        },
        {
          "category": "vendor_fix",
          "details": "Install Corefix 14",
          "product_ids": [
            "CSAFPID-0002"
          ],
          "url": "https://www.ibm.com/support/pages/node/7167245"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "IBM webMethods Integration allows arbitrary file upload and execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Matthew Galligan"
          ],
          "organization": "CISA Rapid Action Force"
        }
      ],
      "cve": "CVE-2024-45074",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system.",
          "title": "Description"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:P/A:N/T:P/2024-09-10T17:04:49Z/",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002"
        ],
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.ibm.com",
          "url": "https://www.ibm.com/support/pages/node/7167245"
        }
      ],
      "release_date": "2024-09-04T16:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-04T04:00:00Z",
          "details": "Install Corefix 14",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.ibm.com/support/pages/node/7167245"
        },
        {
          "category": "vendor_fix",
          "date": "2024-09-04T04:00:00Z",
          "details": "Install Corefix 14",
          "product_ids": [
            "CSAFPID-0002"
          ],
          "url": "https://www.ibm.com/support/pages/node/7167245"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "IBM webMethods Integration allows arbitrary file read via checkFileRead bypass"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.