{ "document": { "category": "csaf_vex", "csaf_version": "2.0", "publisher": { "category": "coordinator", "contact_details": "https://www.cisa.gov/report", "issuing_authority": "CISA", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "title": "IBM webMethods Integration Multiple Vulnerabilities", "tracking": { "current_release_date": "2024-09-10T20:08:00Z", "generator": { "engine": { "name": "Secvisogram", "version": "2.5.15" }, "date": "2024-11-27T04:03:47Z" }, "id": "VA-24-254-01", "initial_release_date": "2024-09-10T20:08:00Z", "status": "final", "version": "1.0.1", "revision_history": [ { "number": "1.0.0", "summary": "Initial publication", "date": "2024-09-10T20:08:00Z" }, { "number": "1.0.1", "date": "2024-11-14T01:00:00Z", "summary": "Fix acknowledgments, section headings" } ] }, "distribution": { "tlp": { "label": "WHITE" } }, "notes": [ { "text": "IBM webMethods Integration contains multiple vulnerabilities that could allow an authenticated attacker to escalate privileges within webMethods, execute arbitrary operating system commands, or read arbitrary files.", "title": "Risk Evaluation", "category": "summary" }, { "text": "All information products included in https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice", "category": "legal_disclaimer" }, { "text": "Worldwide", "title": "Countries and Areas Deployed", "category": "other" }, { "text": "Install webMethods Integration Corefix 14 as described in https://www.ibm.com/support/pages/node/7167245", "title": "Recommended Practices", "category": "general" }, { "text": "United States", "title": "Company Headquarters Location", "category": "other" }, { "text": "Information Technology", "title": "Critical Infrastructure Sectors", "category": "other" } ], "references": [ { "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-01.json", "summary": "Vulnerability Advisory VA-24-254-01 CSAF", "category": "self" } ], "lang": "en-US" }, "product_tree": { "branches": [ { "category": "vendor", "name": "IBM", "branches": [ { "category": "product_name", "name": "webMethods Integration", "branches": [ { "category": "product_version", "name": "10.15", "product": { "name": "IBM webMethods Integration 10.15", "product_id": "CSAFPID-0001" } }, { "category": "product_version", "name": "Corefix 14", "product": { "name": "IBM webMethods Integration Corefix 14", "product_id": "CSAFPID-0002" } } ] } ] } ] }, "vulnerabilities": [ { "cve": "CVE-2024-45075", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "summary", "text": "IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:P/A:N/T:T/2024-09-10T17:02:15Z/" } ], "title": "IBM webMethods Integration allows privilege escalation via scheduled task using runAsUser", "product_status": { "known_affected": [ "CSAFPID-0001" ], "fixed": [ "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7167245" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Install Corefix 14", "url": "https://www.ibm.com/support/pages/node/7167245", "product_ids": [ "CSAFPID-0001" ] }, { "category": "vendor_fix", "details": "Install Corefix 14", "url": "https://www.ibm.com/support/pages/node/7167245", "product_ids": [ "CSAFPID-0002" ] } ], "acknowledgments": [ { "names": [ "Matthew Galligan" ], "organization": "CISA Rapid Action Force" } ], "release_date": "2024-09-04T16:00:00Z" }, { "cve": "CVE-2024-45076", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "summary", "text": "IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:P/A:N/T:T/2024-09-18T19:03:10Z/" } ], "title": "IBM webMethods Integration allows arbitrary file upload and execution", "product_status": { "known_affected": [ "CSAFPID-0001" ], "fixed": [ "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7167245" } ], "scores": [ { "cvss_v3": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Install Corefix 14", "url": "https://www.ibm.com/support/pages/node/7167245", "product_ids": [ "CSAFPID-0001" ] }, { "category": "vendor_fix", "details": "Install Corefix 14", "url": "https://www.ibm.com/support/pages/node/7167245", "product_ids": [ "CSAFPID-0002" ] } ], "acknowledgments": [ { "names": [ "Matthew Galligan" ], "organization": "CISA Rapid Action Force" } ], "release_date": "2024-09-04T16:00:00Z" }, { "cve": "CVE-2024-45074", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "summary", "text": "IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:P/A:N/T:P/2024-09-10T17:04:49Z/" } ], "title": "IBM webMethods Integration allows arbitrary file read via checkFileRead bypass", "product_status": { "known_affected": [ "CSAFPID-0001" ], "fixed": [ "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7167245" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Install Corefix 14", "url": "https://www.ibm.com/support/pages/node/7167245", "product_ids": [ "CSAFPID-0001" ], "date": "2024-09-04T04:00:00Z" }, { "category": "vendor_fix", "details": "Install Corefix 14", "url": "https://www.ibm.com/support/pages/node/7167245", "product_ids": [ "CSAFPID-0002" ], "date": "2024-09-04T04:00:00Z" } ], "acknowledgments": [ { "names": [ "Matthew Galligan" ], "organization": "CISA Rapid Action Force" } ], "release_date": "2024-09-04T16:00:00Z" } ] }