CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
9.0%
A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager ( CVE-2024-22354 )
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli System Automation Application Manager | 4.1 |
IBM strongly recommends addressing the vulnerability now by upgrading WebSphere Application Server.
Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
---|---|---|
IBM Tivoli System Automation Application Manager 4.1 | WebSphere Application Server 8.5 | Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354) |
IBM Tivoli System Automation Application Manager 4.1 | WebSphere Application Server 9.0 | Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354) |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_system_automation_application_manager | 4.1 | cpe:2.3:a:ibm:tivoli_system_automation_application_manager:4.1:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
9.0%