CVE-2024-22354

Sažetak

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/280401
https://www.ibm.com/support/pages/node/7148426
https://exchange.xforce.ibmcloud.com/vulnerabilities/280401
https://www.ibm.com/support/pages/node/7148426

CVSS

Base:	7.0
Impact:	4.7
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Zadnje važnije ažuriranje

06-03-2025 - 14:24

Objavljeno

17-04-2024 - 01:15