The YAJSW service is used for registering XSLD services with the operating system. Vulnerabilities CVE-2024-29131 and CVE-2024-29133 are reported in commons-configuration2-2.8.0.jar, which is used in the YAJSW package.
CVEID: CVE-2024-29131
**DESCRIPTION:** Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286004 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2024-29133
**DESCRIPTION:** Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286005 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
WebSphere eXtreme Scale | 8.6.1.0 - 8.6.1.6 |
Product | Version(s) | APAR | Remediation/First Fix |
---|---|---|---|
IBM WebSphere eXtreme Scale | 8.6.1.0 - 8.6.1.6 | PH61029 |
For older versions, upgrade to the latest fixpack, 8.6.1.6, and then apply the PH61029 iFix. If you are already using 8.6.1.6, apply the PH61029 iFix directly.
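
An added example, not part of the IBM bulletin or of the product's code: a Python inventory check that walks an installation directory and lists every jar carrying Apache Commons Configuration 2, marking those at the 2.8.0 version the bulletin names. The function names `inspect_jar` and `scan`, and the use of the manifest `Implementation-Version` attribute to version a renamed copy, are assumptions of this example.

```python
import re
import sys
import zipfile
from pathlib import Path

BULLETIN_VERSION = "2.8.0"  # commons-configuration2 version named in the bulletin
NAME_RE = re.compile(r"^commons-configuration2-(\d+(?:\.\d+)*)\.jar$", re.I)
PACKAGE_PREFIX = "org/apache/commons/configuration2/"  # the library's Java package path


def inspect_jar(path):
    """Return (version, source) if the jar carries the library, else None."""
    has_pkg, manifest = False, ""
    try:
        with zipfile.ZipFile(path) as jar:
            names = jar.namelist()
            has_pkg = any(n.startswith(PACKAGE_PREFIX) for n in names)
            if "META-INF/MANIFEST.MF" in names:
                manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable or truncated jar: fall back to the file name only
    by_name = NAME_RE.match(path.name)
    if by_name:
        return by_name.group(1), "filename"
    if not has_pkg:
        return None
    # Assumption: a renamed copy still carries Implementation-Version in its manifest.
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
    return (m.group(1), "manifest") if m else ("unknown", "package-only")


def scan(root):
    """Walk root and list every jar that carries commons-configuration2."""
    findings = []
    for path in sorted(Path(root).rglob("*.jar")):
        hit = inspect_jar(path)
        if hit:
            version, source = hit
            findings.append({"path": str(path), "version": version, "source": source,
                             "matches_bulletin": version == BULLETIN_VERSION})
    return findings


if __name__ == "__main__":
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        flag = "NAMED IN BULLETIN" if f["matches_bulletin"] else "review"
        print(f'{f["path"]}  version={f["version"]} ({f["source"]})  {flag}')
```

Pass the installation root as the only argument. A jar that bundles the package inside a larger archive reports the outer archive's manifest version, so treat `manifest` and `package-only` results as leads to confirm by hand.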
Recommended Fixes page for WebSphere eXtreme Scale
None
CPE | Name | Operator | Version |
---|---|---|---|
websphere extreme scale | eq | 8.6.1 |