CVE-2024-22354

🗓️ 17 Apr 2024 01:07:58Reported by ibmType

Vulnerability in IBM WebSphere Application Server

Reporter	Title	Published	Views	Family All 90
IBM Security Bulletins	Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to XML External Entity Injection attack due to IBM WebSphere Application Server Liberty (CVE-2024-22354)	1 Jul 202415:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)	19 Apr 202411:15	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor	20 Nov 202414:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability	19 Sep 202411:09	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway	17 May 202413:55	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM CICS TX Standard is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).	9 May 202409:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)	17 Apr 202419:25	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities were discovered in IBM Verify Identity Governance	6 Feb 202506:16	–	ibm
IBM Security Bulletins	Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update	19 May 202614:43	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilites in the IBM WebSphere Application Server Liberty version 17.0.0.3 - 24.0.0.5 affects Watson Machine Learning Accelerator on Cloud Pak for Data	3 Feb 202516:26	–	ibm

NVD

Vulners

Node

ibm websphere_application_serverRange8.5.0.0–8.5.5.26traditional

ibm websphere_application_serverRange9.0.0.0–9.0.5.20traditional

ibm websphere_application_serverRange17.0.0.3–24.0.0.6liberty

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "WebSphere Application Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.5, 9.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WebSphere Application Server Liberty",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "24.0.0.5",
        "status": "affected",
        "version": "17.0.0.3",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*",
        "versionType": "cpe"
      },
      {
        "status": "affected",
        "version": "cpe:2.3:a:ibm:websphere_application_server:24.0.0.5:*:*:*:liberty:*:*:*",
        "versionType": "cpe"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/280401
ibm	www.ibm.com/support/pages/node/7148426

06 Mar 2025 19:21Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17

EPSS0.00019

SSVC

CWE-611