vulnrichment | IBM | VULNRICHMENT:CVE-2024-35154
History: Jul 09, 2024 - 9:57 p.m.

CVE-2024-35154 IBM WebSphere Application Server code execution

2024-07-09 21:57:32
CWE-250
ibm
github.com

CVSS3: 7.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.4
Confidence: High

SSVC

Exploitation: none
Automatable: no
Technical Impact: total

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
    ],
    "vendor": "IBM",
    "product": "WebSphere Application Server",
    "versions": [
      {
        "status": "affected",
        "version": "8.5, 9.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
