CVE-2024-35154

IBM WebSphere Application Server code execution

CVSS v3.1 7.2 (High)
EPSS 0.06% (31st)
Affected Products 1

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.

Base Severity High
Base Score 7.2
Impact Score 5.9
Exploitability Score 1.2
Metrics
Attack Vector (AV) Network
Attack Complexity (AC) Low
Privileges Required (PR) High
User Interaction (UI) None
Scope (S) Unchanged
Confidentiality (C) High
Integrity (I) High
Availability (A) High

Weaknesses

ID       Name
CWE-250  Execution with Unnecessary Privileges

CAPEC - Common Attack Pattern Enumeration and Classification

ID         Name                                                             Weakness
CAPEC-69   Target Programs with Elevated Privileges                         CWE-250
CAPEC-104  Cross Zone Scripting                                             CWE-250
CAPEC-470  Expanding Control over the Operating System from the Database    CWE-250

CVE Status PUBLISHED
NVD Status Modified
CNA IBM Corporation
Published Date 2024-07-09 22:15:02 (6 months ago)
Updated Date 2024-11-21 09:19:50 (2 months ago)

Affected Vendors & Products


Configuration #1

    CPE v2.3                                      From          Up To
    cpe:2.3:a:ibm:websphere_application_server    >= 8.5.0.0    <= 8.5.5.25
    cpe:2.3:a:ibm:websphere_application_server    >= 9.0.0.0    <= 9.0.5.20