IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
History

Mon, 21 Oct 2024 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Hp
Hp hp-ux
Ibm aix
Ibm i
Ibm z\/os
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Oracle
Oracle solaris
CPEs cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
Vendors & Products Hp
Hp hp-ux
Ibm aix
Ibm i
Ibm z\/os
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Oracle
Oracle solaris

Wed, 16 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Description IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
Title IBM WebSphere Application Server XML external entity injection
First Time appeared Ibm
Ibm websphere Application Server
Weaknesses CWE-611
CPEs cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm websphere Application Server
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-10-16T16:12:13.910Z

Updated: 2024-10-16T18:38:02.173Z

Reserved: 2024-08-21T19:10:49.904Z

Link: CVE-2024-45072

cve-icon Vulnrichment

Updated: 2024-10-16T18:33:14.557Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-16T17:15:16.750

Modified: 2024-10-21T13:41:20.463

Link: CVE-2024-45072

cve-icon Redhat

No data.