CVE-2024-45085

IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7173128	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*

History

08 Nov 2024, 15:13

Type	Values Removed	Values Added
First Time		Ibm Ibm websphere Application Server
CPE		cpe:2.3:a:ibm:websphere_application_server:::::traditional:::*
CVSS	v2 : ~~unknown~~ v3 : ~~5.9~~	v2 : unknown v3 : 7.5
References	~~() https://www.ibm.com/support/pages/node/7173128 -~~	() https://www.ibm.com/support/pages/node/7173128 - Vendor Advisory

16 Oct 2024, 16:38

Type	Values Removed	Values Added
Summary		(es) IBM WebSphere Application Server 8.5 es vulnerable a una denegación de servicio, en determinadas configuraciones, provocada por una solicitud inesperada especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para provocar un error que dé como resultado una denegación de servicio.

15 Oct 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-15 22:15

Updated : 2024-11-08 15:13

NVD link : CVE-2024-45085

Mitre link : CVE-2024-45085

CVE.ORG link : CVE-2024-45085

JSON object : View

Products Affected

ibm

websphere_application_server

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2024-45085", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-10-15T22:15:03.773", "references": [{"url": "https://www.ibm.com/support/pages/node/7173128", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service."}, {"lang": "es", "value": "IBM WebSphere Application Server 8.5 es vulnerable a una denegaci\u00f3n de servicio, en determinadas configuraciones, provocada por una solicitud inesperada especialmente manipulada. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para provocar un error que d\u00e9 como resultado una denegaci\u00f3n de servicio."}], "lastModified": "2024-11-08T15:13:11.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*", "vulnerable": true, "matchCriteriaId": "1EF360D5-36CB-4297-B072-5C34AC3B8484", "versionEndExcluding": "8.5.5.27", "versionStartIncluding": "8.5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}