| Название | Software AG Web Methods 10.11.x, 10.15.x Inconsistent Access Control |
|---|
| Описание | An issue in SoftwareAG WebMethods v.10.11.x and v.10.15.x allows a remote attacker to obtain sensitive information via the wm.server/connect/ or /assets/ files.
Some times, To access such file like /assets/, a popup may ask you to provide the username and password, just click CANCEL and you'll be redirected to the directory, on the top left cornet you'll find FQDN for the application server in ACTIVE DIRECTORY.
If you visited /invoke/wm.server/connect , you'll be able to see all listed data from internal IPs, ports, versions.
In some cases, I've noticed that it refuse connection to /assets/ directory for example, but if we entered /assets/x as a false value, then come back to /assets/ we will be able to see folder content, I think it's due to insufficient access control where referrer header maybe trusted.
* there's a governmental entities vulnerable to this vulnerability, their internal IPs, Ports, Active Directory FQDN exposed to public due to this bug.
|
|---|
| Пользователь | mohammedhashayka (UID 58817) |
|---|
| Представление | 22.11.2023 07:35 (3 лет назад) |
|---|
| Модерация | 07.12.2023 13:51 (15 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 247158 [Software AG WebMethods 10.11.x/10.15.x wm.server/connect/ эскалация привилегий] |
|---|
| Баллы | 17 |
|---|