CVE-2024-22354

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22354
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.

7.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/280401
https://www.ibm.com/support/pages/node/7148426
Configurations

No configuration.

History

21 May 2024, 19:15

Type Values Removed Values Added
Summary (en) IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401. (en) IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.

17 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a un ataque de inyección de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial, consumir recursos de memoria o realizar un ataque de server-side request forgery. ID de IBM X-Force: 280401.

17 Apr 2024, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-17 01:15

Updated : 2024-05-21 19:15

NVD link : CVE-2024-22354

Mitre link : CVE-2024-22354

CVE.ORG link : CVE-2024-22354

JSON object : View

Products Affected

No product.

CWE
CWE-611

Improper Restriction of XML External Entity Reference