IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
References
Link | Resource |
---|---|
https://www.ibm.com/support/pages/node/7173263 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Oct 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.ibm.com/support/pages/node/7173263 - Vendor Advisory | |
CPE | cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:* |
|
First Time |
Ibm
Oracle solaris Ibm aix Hp Linux linux Kernel Hp hp-ux Ibm i Linux Ibm z\/os Oracle Ibm websphere Application Server Microsoft Microsoft windows |
18 Oct 2024, 12:53
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-16 17:15
Updated : 2024-10-21 13:41
NVD link : CVE-2024-45072
Mitre link : CVE-2024-45072
CVE.ORG link : CVE-2024-45072
JSON object : View
Products Affected
ibm
- i
- websphere_application_server
- aix
- z\/os
linux
- linux_kernel
oracle
- solaris
microsoft
- windows
hp
- hp-ux
CWE
CWE-611
Improper Restriction of XML External Entity Reference