| タイトル | Software AG Web Methods 10.11.x, 10.15.x Inconsistent Access Control |
|---|
| 説明 | An issue in SoftwareAG WebMethods v.10.11.x and v.10.15.x allows a remote attacker to obtain sensitive information via the wm.server/connect/ or /assets/ files.
Some times, To access such file like /assets/, a popup may ask you to provide the username and password, just click CANCEL and you'll be redirected to the directory, on the top left cornet you'll find FQDN for the application server in ACTIVE DIRECTORY.
If you visited /invoke/wm.server/connect , you'll be able to see all listed data from internal IPs, ports, versions.
In some cases, I've noticed that it refuse connection to /assets/ directory for example, but if we entered /assets/x as a false value, then come back to /assets/ we will be able to see folder content, I think it's due to insufficient access control where referrer header maybe trusted.
* there's a governmental entities vulnerable to this vulnerability, their internal IPs, Ports, Active Directory FQDN exposed to public due to this bug.
|
|---|
| ユーザー | mohammedhashayka (UID 58817) |
|---|
| 送信 | 2023年11月22日 07:35 (3 年 ago) |
|---|
| モデレーション | 2023年12月07日 13:51 (15 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 247158 [Software AG WebMethods 10.11.x/10.15.x wm.server/connect/ 特権昇格] |
|---|
| ポイント | 17 |
|---|