IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
History

Wed, 06 Nov 2024 23:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Mon, 04 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 Nov 2024 19:45:00 +0000

Type Values Removed Values Added
Description IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
Title IBM WebSphere Application Server XML external entity injection
First Time appeared Ibm
Ibm websphere Application Server
Weaknesses CWE-611
CPEs cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm websphere Application Server
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-11-04T19:29:48.153Z

Updated: 2024-11-04T20:51:18.956Z

Reserved: 2024-08-21T19:11:05.063Z

Link: CVE-2024-45086

Vulnrichment

Updated: 2024-11-04T20:51:15.565Z

NVD

Status: Analyzed

Published: 2024-11-04T20:15:05.013

Modified: 2024-11-06T23:04:04.673

Link: CVE-2024-45086

Redhat

No data.