Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8BA9CC64B83548CD8E8F0F7C2E29FED764D3F118B7745AD92CFA2B0723712953
HistoryAug 09, 2024 - 4:46 a.m.

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153)

2024-08-0904:46:41
www.ibm.com
5
ibm
engineering test management
cross-site scripting
websphere application server
cve-2024-35153
security bulletin
vulnerability

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

6

Confidence

High

JSON

Summary

IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Engineering Test Management 7.0.2
7.0.3

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH61546.

CVE-2024-35153 may affect IBM Engineering Test Management which uses IBM WebSphere Application Server.

This affects WebSphere Application Server 9.0, 8.5.

If IBM Engineering Test Management product is deployed on one of the above versions, Please follow the instruction given in the following article.

Link: <https://www.ibm.com/support/pages/node/7158662&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmibm_engineering_lifecycle_management_baseMatch702
OR
ibmibm_engineering_lifecycle_management_baseMatch703
VendorProductVersionCPE
ibmibm_engineering_lifecycle_management_base702cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:702:*:*:*:*:*:*:*
ibmibm_engineering_lifecycle_management_base703cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:703:*:*:*:*:*:*:*

Related

ibm 14
nvd 1
vulnrichment 1
cve 1
nessus 1
cvelist 1
ibm
ibm
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting (CVE-2024-35153)
2024-07-01 15:57:06
Security Bulletin: A cross-site scripting vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-35153)
2024-07-08 07:38:39
Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Maximo Asset and Service Management (CVE-2024-35153)
2024-07-12 08:31:48
nvd
nvd
CVE-2024-35153
2024-06-27 18:15:18
vulnrichment
vulnrichment
CVE-2024-35153 IBM WebSphere Application Server cross-site scripting
2024-06-27 17:19:04
cve
cve
CVE-2024-35153
2024-06-27 18:15:18
nessus
nessus
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.21 XSS (7158662)
2024-06-25 00:00:00
cvelist
cvelist
CVE-2024-35153 IBM WebSphere Application Server cross-site scripting
2024-06-27 17:19:04

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

6

Confidence

High

JSON
Related for 8BA9CC64B83548CD8E8F0F7C2E29FED764D3F118B7745AD92CFA2B0723712953
ibm14nvd1vulnrichment1cve1nessus1cvelist1