CVE-2024-22354

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/280401
https://www.ibm.com/support/pages/node/7148426
https://exchange.xforce.ibmcloud.com/vulnerabilities/280401
https://www.ibm.com/support/pages/node/7148426

Configurations

No configuration.

History

21 Nov 2024, 08:56

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/280401 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/280401 -
References	~~() https://www.ibm.com/support/pages/node/7148426 -~~	() https://www.ibm.com/support/pages/node/7148426 -

21 May 2024, 19:15

Type	Values Removed	Values Added
Summary	(en) IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.	(en) IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.

17 Apr 2024, 12:48

Type	Values Removed	Values Added
Summary		(es) IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a un ataque de inyección de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial, consumir recursos de memoria o realizar un ataque de server-side request forgery. ID de IBM X-Force: 280401.

17 Apr 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-17 01:15

Updated : 2024-11-21 08:56

NVD link : CVE-2024-22354

Mitre link : CVE-2024-22354

CVE.ORG link : CVE-2024-22354

JSON object : View

Products Affected

No product.

CWE

CWE-611

Improper Restriction of XML External Entity Reference

7.0 /10