Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD02135923B23E869D7110886AD3E78BBA2216CDB1913A51292C0D145CBEE25CC
HistoryApr 22, 2024 - 5:11 p.m.

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2023-51775, CVE-2024-22329 and CVE-2024-22354)

2024-04-2217:11:30
www.ibm.com
4
websphere
service registry and repository
vulnerabilities
denial of service
server-side request forgery
xxe
ibm
security bulletin

7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Summary

WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a Denial of Service, Server-side Request Forgery and XXE vulnerability affecting WebSphere Application Server have been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
WebSphere Service Registry and Repository 8.5

Remediation/Fixes

For WebSphere Application Server shipped with WebSphere Service Registry and Repository refer to the following security bulletins for vulnerability details and information about fixes:

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwebsphere_service_registry_and_repositoryMatch8.5

Related

ibm 76
cnvd 2
nessus 5
cve 3
nvd 3
cvelist 3
veracode 1
github 1
osv 2
debiancve 1
prion 1
ubuntucve 1
cgr 1
wolfi 1
redhatcve 1
redhat 1
oracle 1
ibm
ibm
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2023-51775, CVE-2024-22354)
2024-05-29 05:40:35
Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM CICS TX Standard is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).
2024-05-09 09:40:52
Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM CICS TX Advanced is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).
2024-05-09 09:47:10
cnvd
cnvd
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty Server-Side Request Forgery Vulnerability
2024-04-17 00:00:00
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty XML External Entity Injection Vulnerability
2024-04-17 00:00:00
nessus
nessus
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 / Liberty 17.0.0.3 < 24.0.0.6 (7148426)
2024-04-16 00:00:00
IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 / Liberty 17.0.0.3 < 24.0.0.4 (7148380)
2024-04-16 00:00:00
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:1507-1)
2024-05-07 00:00:00
cve
cve
CVE-2024-22354
2024-04-17 01:15:06
CVE-2024-22329
2024-04-17 02:15:10
CVE-2023-51775
2024-02-29 01:42:05
nvd
nvd
CVE-2024-22329
2024-04-17 02:15:10
CVE-2024-22354
2024-04-17 01:15:06
CVE-2023-51775
2024-02-29 01:42:05
cvelist
cvelist
CVE-2024-22354 IBM WebSphere Application Server XML external entity injection
2024-04-17 01:07:58
CVE-2024-22329 IBM WebSphere Application Server server-side request forgery
2024-04-17 01:21:46
CVE-2023-51775
2023-12-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2024-03-05 06:37:59
github
github
jose4j denial of service via specifically crafted JWE
2024-02-29 03:33:14
osv
osv
CVE-2023-51775
2024-02-29 01:42:05
jose4j denial of service via specifically crafted JWE
2024-02-29 03:33:14
debiancve
debiancve
CVE-2023-51775
2024-02-29 01:42:05
prion
prion
Design/Logic Flaw
2024-02-29 01:42:00
ubuntucve
ubuntucve
CVE-2023-51775
2024-02-29 00:00:00
cgr
cgr
CVE-2023-51775 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-51775 vulnerabilities
2024-05-29 03:07:31
redhatcve
redhatcve
CVE-2023-51775
2024-02-29 09:03:19
redhat
redhat
(RHSA-2024:3550) Important: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.
2024-06-03 11:50:58
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for D02135923B23E869D7110886AD3E78BBA2216CDB1913A51292C0D145CBEE25CC
ibm76cnvd2nessus5cve3nvd3cvelist3veracode1github1osv2debiancve1prion1ubuntucve1cgr1wolfi1redhatcve1redhat1oracle1