CVE-2024-45075 is a high-severity vulnerability affecting IBM webMethods Integration version 10.15. The vulnerability is classified under CWE-306, which refers to missing authentication for a critical function. Specifically, this flaw allows an authenticated user with limited privileges to create scheduler tasks without proper authentication controls. By exploiting this weakness, the user can escalate their privileges to administrator level. The vulnerability has a CVSS v3.1 base score of 8.8, indicating a high impact on confidentiality, integrity, and availability. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L) and only low privileges (PR:L) but no user interaction (UI:N). The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component. The vulnerability allows an attacker to gain full administrative control over the IBM webMethods Integration environment, potentially enabling unauthorized access to sensitive data, modification or disruption of integration workflows, and further lateral movement within the enterprise network. Although no known exploits are currently reported in the wild, the critical nature of the vulnerability and the ease of exploitation make it a significant risk for organizations using this product. IBM has not yet published a patch or mitigation guidance at the time of this report, increasing the urgency for affected organizations to implement compensating controls.

For European organizations, the impact of CVE-2024-45075 can be severe due to the widespread use of IBM webMethods Integration in enterprise environments for critical business process automation and system integration. Successful exploitation could lead to unauthorized administrative access, allowing attackers to manipulate integration workflows, exfiltrate sensitive data, disrupt business operations, or deploy further malware. This could result in significant operational downtime, financial losses, regulatory non-compliance (especially under GDPR), and reputational damage. Given the critical role of integration platforms in connecting various internal and external systems, the vulnerability could also serve as a pivot point for broader network compromise. Organizations in sectors such as finance, manufacturing, telecommunications, and government services in Europe, which rely heavily on IBM webMethods for their integration needs, are particularly at risk. The lack of a patch increases the window of exposure, necessitating immediate risk mitigation.

1. Restrict access to IBM webMethods Integration consoles and scheduler functionalities to only trusted and essential personnel using network segmentation and strict access control lists (ACLs). 2. Implement strong authentication mechanisms and monitor for any unauthorized privilege escalations or suspicious scheduler task creations. 3. Employ application-layer firewalls or web application firewalls (WAFs) to detect and block anomalous requests targeting scheduler task creation endpoints. 4. Conduct regular audits of scheduler tasks and user privileges to identify and remove any unauthorized or suspicious entries. 5. Use logging and real-time monitoring tools to detect unusual activity patterns indicative of exploitation attempts. 6. Engage with IBM support for any available patches or official mitigation guidance and plan for rapid deployment once available. 7. Consider temporary disabling or limiting the scheduler task creation feature if business operations allow, until a patch is released. 8. Educate administrators and users about the risk and signs of exploitation to enhance early detection.