Cyber Resilience

CVE-2024-23733

Severity: High
Published: 29 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: available (Core_Fix7)
CVSS v3.1 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.1810 (95.3rd percentile)
Risk Priority: 26 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-23733 is a high-severity Insufficiently Protected Credentials (CWE-522) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and IA-5 (Authenticator Management).

Deeper analysis

The vulnerability is an information disclosure flaw in the Integration Server component of Software AG webMethods 10.15.0 prior to Core_Fix7. It resides in the login pages at /WmAdmin/ and /invoke/vm.server/login, which fail to enforce proper authentication checks and thereby expose the administration panel.

Remote, unauthenticated attackers can exploit the issue over the network by submitting an arbitrary username together with a blank password to the /WmAdmin/#/login/ URI. A successful request grants access to the panel and allows retrieval of the target hostname and product version. The weakness is classified as CWE-522 (Insufficiently Protected Credentials); the confidentiality-only impact (C:H/I:N/A:N) reachable without authentication is what yields the CVSS 3.1 base score of 7.5.

The description indicates that Core_Fix7 addresses the exposure. Public references include a GitHub repository containing further technical details and a proof-of-concept.

The associated EPSS score peaked at 0.2497 (current value 0.1810), a material rise that signals increased exploitation interest after disclosure.

Vulnerability details

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.

CWE(s)

CWE-522 Insufficiently Protected Credentials

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1082 System Information Discovery (Discovery): An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
Why these techniques?

Direct exploitation of public-facing web app for unauth access (T1190); immediate post-exploit disclosure of hostname/version enables system info discovery (T1082).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23958 (shared CWE-522)
CVE-2026-35467 (shared CWE-522)
CVE-2024-41770 (shared CWE-522)
CVE-2024-41771 (shared CWE-522)
CVE-2025-27648 (shared CWE-522)
CVE-2024-57395 (shared CWE-522)
CVE-2020-37097 (shared CWE-522)
CVE-2025-58130 (shared CWE-522)
CVE-2026-20791 (shared CWE-522)
CVE-2026-23658 (shared CWE-522)

Mitigating Controls (NIST 800-53 r5)

AC-14 Permitted Actions Without Identification or Authentication (prevent): Prohibits sensitive actions such as accessing the administration panel without identification or authentication, directly mitigating the blank password bypass that discloses hostname and version information.

IA-5 Authenticator Management (prevent): Manages authenticators to require strong credentials and change defaults, preventing acceptance of blank passwords in the vulnerable login mechanism.

Flaw remediation (prevent): Requires timely remediation of flaws like the authentication bypass in webMethods Integration Server through patching to Core_Fix7 or later.
