7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
6.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE (CVE-2024-22354).
CVEID:CVE-2024-22354
**DESCRIPTION:**IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280401 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Explorer DAE Analytical Components |
12.0.0.0, 12.0.0.1
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.14
IBM Watson Explorer DAE Foundational Components|
12.0.0.0, 12.0.0.1
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.14
IBM Watson Explorer Analytical Components|
11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.18
IBM Watson Explorer Foundational Components|
11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.18
Affected Product | Affected Versions | Fix |
---|---|---|
IBM Watson Explorer DAE Analytical Components |
12.0.0.0, 12.0.0.1
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.14
|
Upgrade to Version 12.0.3.15.
See Watson Explorer Version 12.0.3.15 Analytical Components for download information and instructions.
IBM Watson Explorer DAE Foundational Components|
12.0.0.0, 12.0.0.1
12.0.1,
12.0.2.0 - 12.0.2.2,
12.0.3.0 - 12.0.3.14
|
Upgrade to Version 12.0.3.15.
See Watson Explorer Version 12.0.3.15 Foundational Components for download information and instructions.
IBM Watson Explorer Analytical Components|
11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.18
|
Upgrade to Watson Explorer Analytical Components Version 11.0.2 Fix Pack 19. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.
IBM Watson Explorer Foundational Components|
11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 - 11.0.2.18
|
Upgrade to Watson Explorer Foundational Components Version 11.0.2 Fix Pack 19. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.
None
7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
6.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%