Severity
High
Analysis Summary
CVE-2024-45076 CVSS:9.9
IBM webMethods Integration 10.15 could allow an authenticated user to upload arbitrary files that could then be executed on the underlying operating system.
CVE-2024-45075 CVSS:8.8
IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
Impact
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-45076
- CVE-2024-45075
Affected Vendors
Affected Products
- IBM webMethods Integration 10.15
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.