IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7174745 |
History
Wed, 06 Nov 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* |
Mon, 04 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 04 Nov 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | |
Title | IBM WebSphere Application Server XML external entity injection | |
First Time appeared |
Ibm
Ibm websphere Application Server |
|
Weaknesses | CWE-611 | |
CPEs | cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm websphere Application Server |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ibm
Published: 2024-11-04T19:29:48.153Z
Updated: 2024-11-04T20:51:18.956Z
Reserved: 2024-08-21T19:11:05.063Z
Link: CVE-2024-45086
Vulnrichment
Updated: 2024-11-04T20:51:15.565Z
NVD
Status : Analyzed
Published: 2024-11-04T20:15:05.013
Modified: 2024-11-06T23:04:04.673
Link: CVE-2024-45086
Redhat
No data.