CVE-2024-22329

🗓️ 17 Apr 2024 01:21:46Reported by ibmType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 98 Views

IBM WebSphere SSRF vulnerability CVE-2024-22329

Reporter	Title	Published	Views	Family All 84
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management	9 Jan 202510:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2024-25026, CVE-2023-50313, CVE-2024-22329)	25 Jun 202411:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Match 360 is vulnerable to server-side request forgery from IBM WebSphere Application Server Liberty (CVE-2024-22329)	24 Jul 202421:56	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor	20 Nov 202414:59	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway	17 May 202413:55	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM CICS TX Standard is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).	9 May 202409:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware	15 Apr 202502:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.3 which is vulnerable to CVE-2024-27270 and CVE-2024-22329	15 Jul 202407:27	–	ibm
IBM Security Bulletins	Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update	19 May 202614:43	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilites in the IBM WebSphere Application Server Liberty version 17.0.0.3 - 24.0.0.5 affects Watson Machine Learning Accelerator on Cloud Pak for Data	3 Feb 202516:26	–	ibm

NVD

Vulners

Vulnrichment

Node

ibm websphere_application_serverRange8.5.0.0–8.5.5.26traditional

ibm websphere_application_serverRange9.0.0.0–9.0.5.20traditional

ibm websphere_application_serverRange17.0.0.3–24.0.0.4liberty

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "WebSphere Application Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.5, 9.0"
      }
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*",
      "cpe:2.3:a:ibm:websphere_application_server:24.0.0.3:*:*:*:liberty:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "WebSphere Application Server Liberty",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "24.0.0.3",
        "status": "affected",
        "version": "17.0.0.3",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/279951
ibm	www.ibm.com/support/pages/node/7148380

06 Mar 2025 19:22Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.14.3

EPSS0.00031

SSVC

CWE-918