| Titre | Software AG Web Methods 10.11.x, 10.15.x Inconsistent Access Control |
|---|
| Description | An issue in SoftwareAG WebMethods v.10.11.x and v.10.15.x allows a remote attacker to obtain sensitive information via the wm.server/connect/ or /assets/ files.
Some times, To access such file like /assets/, a popup may ask you to provide the username and password, just click CANCEL and you'll be redirected to the directory, on the top left cornet you'll find FQDN for the application server in ACTIVE DIRECTORY.
If you visited /invoke/wm.server/connect , you'll be able to see all listed data from internal IPs, ports, versions.
In some cases, I've noticed that it refuse connection to /assets/ directory for example, but if we entered /assets/x as a false value, then come back to /assets/ we will be able to see folder content, I think it's due to insufficient access control where referrer header maybe trusted.
* there's a governmental entities vulnerable to this vulnerability, their internal IPs, Ports, Active Directory FQDN exposed to public due to this bug.
|
|---|
| Utilisateur | mohammedhashayka (UID 58817) |
|---|
| Soumission | 22/11/2023 07:35 (il y a 3 ans) |
|---|
| Modérer | 07/12/2023 13:51 (15 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 247158 [Software AG WebMethods 10.11.x/10.15.x wm.server/connect/ élévation de privilèges] |
|---|
| Points | 17 |
|---|