CVE-2024-35154
IBM WebSphere Application Server code execution
CVSS v3.1
7.2 (High)
EPSS
0.06 % (31th)
Affected Products
1
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
- Base Severity
- High
- Base Score
-
- Impact Score
-
- Exploitability Score
-
Metrics
Attack Vector (AV) | Network |
---|---|
Attack Complexity (AC) | Low |
Privileges Required (PR) | High |
User Interaction (UI) | None |
Scope (S) | Unchanged |
Confidentiality (C) | High |
Integrity (I) | High |
Availability (A) | High |
# ID | Name |
---|---|
CWE-250 | Execution with Unnecessary Privileges |
References
Source | URL | Tags |
---|---|---|
IBM Corporation | https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 | VDB Entry Vendor Advisory |
IBM Corporation | https://www.ibm.com/support/pages/node/7159825 | Vendor Advisory |
CVE | https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 | VDB Entry Vendor Advisory |
CVE | https://www.ibm.com/support/pages/node/7159825 | Vendor Advisory |
Modified
- CVE Status
- PUBLISHED
- NVD Status
- Modified
- CNA
- IBM Corporation
- Published Date
-
2024-07-09 22:15:02
(6 months ago) - Updated Date
-
2024-11-21 09:19:50
(2 months ago)
View CVE-2024-35154 on ...
Affected Vendors & Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...