Softwareag Webmethods
By the Year
In 2024 there have been 0 vulnerabilities in Softwareag Webmethods . Last year Webmethods had 1 security vulnerability published. Right now, Webmethods is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Webmethods vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Softwareag Webmethods Security Vulnerabilities
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x
CVE-2023-6578
6.5 - Medium
- December 07, 2023
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Softwareag Webmethods or by Softwareag? Click the Watch button to subscribe.
