Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8D8BD9C676212902DCA5D0E21802B3C6572DDE481E0221564756227C8AAA0E8C
HistoryApr 22, 2024 - 8:09 a.m.

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server and Websphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2024-22329)

2024-04-2208:09:46
www.ibm.com
14
ibm security guardium
websphere application server
websphere liberty
vulnerability
server-side request forgery
remediation
cve-2024-22329

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0

Percentile

9.0%

JSON

Summary

WebSphere Application Server and Websphere Liberty is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, 4.1.1, 4.2, 4.2.1

Principal Product and Version(s)

| Affected Supporting Product and Version
โ€”|โ€”
IBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | Websphere Liberty 21.0.0.6
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2 | Websphere Liberty 22.0.0.12
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.2.1 | Websphere Liberty 23.0.0.9

Remediation/Fixes

Please consult the Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_guardium_key_lifecycle_managerMatch3.0
OR
ibmsecurity_guardium_key_lifecycle_managerMatch3.0.1
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.0
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.1
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.1.1
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.2
OR
ibmsecurity_guardium_key_lifecycle_managerMatch4.2.1
VendorProductVersionCPE
ibmsecurity_guardium_key_lifecycle_manager3.0cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager3.0.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.0cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.0:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.1.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.2cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.2.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*

Related

cnvd 1
ibm 59
vulnrichment 1
nvd 1
cvelist 1
nessus 2
cve 1
cnvd
cnvd
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty Server-Side Request Forgery Vulnerability
2024-04-17 00:00:00
ibm
ibm
Security Bulletin: The IBMยฎ Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329)
2024-05-13 07:33:30
Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery. (CVE-2024-22329)
2024-07-01 15:29:10
Security Bulletin: IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329
2024-06-12 13:43:00
vulnrichment
vulnrichment
CVE-2024-22329 IBM WebSphere Application Server server-side request forgery
2024-04-17 01:21:46
nvd
nvd
CVE-2024-22329
2024-04-17 02:15:10
cvelist
cvelist
CVE-2024-22329 IBM WebSphere Application Server server-side request forgery
2024-04-17 01:21:46
nessus
nessus
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 / Liberty 17.0.0.3 < 24.0.0.4 (7148380)
2024-04-16 00:00:00
IBM MQ 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7157976)
2024-06-27 00:00:00
cve
cve
CVE-2024-22329
2024-04-17 02:15:10

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for 8D8BD9C676212902DCA5D0E21802B3C6572DDE481E0221564756227C8AAA0E8C
cnvd1ibm59vulnrichment1nvd1cvelist1nessus2cve1