CVE-2024-23733 Information

Description

The /WmAdmin//invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin//login/ URI.

Reference

https://github.com/ekcrsm/CVE-2024-23733/tree/main