CVE-2024-45075

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-308
View all →

Vulnerability Description

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.

Related Vulnerabilities

CVE-2024-47652

HIGH
CVSS:8.1(High)

This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their cor...

CWE-3082024

CVE-2023-49075

HIGH
CVSS:7.2(High)

The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security fire...

CWE-3082023

CVE-2024-47652

HIGH
CVSS:8.1(High)

This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their cor...

CWE-3082024

CVE-2023-49075

HIGH
CVSS:7.2(High)

The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security fire...

CWE-3082023

CVE-2023-25681

MEDIUM
CVSS:6.5(Medium)

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect ...

CWE-3082023

CVE-2023-34228

MEDIUM
CVSS:6.5(Medium)

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions

CWE-3082023