CVE-2024-23733

The repository describes an incorrect access control vulnerability in Software AG webMethods API Integration Server 10.15.0, where sending a blank password with an arbitrary username allows access to the administrative dashboard, exposing hostname and version information. The writeup provides technical details about the affected components and attack vectors.

This exploit describes an authentication bypass vulnerability in WebMethods Integration Server 10.15.0.0000-0092, allowing remote attackers to access the administration panel and discover server hostname, version information, and administrative API endpoints by sending a dummy username with a blank password.