CVE-2024-22354
PUBLISHED
CVSS 9.3 CRITICAL
A vulnerability exists in IBM WebSphere Application Server. The flaw is due to an XML External Entity (XXE) injection attack when processing XML data. A remote, anonymous attacker can exploit this vulnerability to disclose confidential information, consume memory resources, or carry out a server-side request forgery attack.
EPSS 0.02% · 5.2th percentile
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.02%
5.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HCL | HCL BigFix Compliance | <2.0.12 |
| IBM | IBM WebSphere Application Server Liberty | <=24.0.0.3 |
| HCL | HCL AppScan Enterprise | <10.7.0 |
| IBM | IBM Rational ClearCase | 10.0.0 |
| IBM | IBM Maximo Asset Management | 7.6.7 |
| IBM | IBM Storage Scale | <5.2.1.0 |
| HCL | HCL Commerce | 8.x |
| HCL | HCL Commerce | 9.1.0-9.1.15 |
| IBM | IBM Maximo Asset Management | 7.6.8 |
| IBM | IBM Maximo Asset Management | 7.6.1.2 |
| IBM | IBM Rational ClearCase | |
| IBM | IBM InfoSphere Information Server | 11.7 |
| IBM | IBM TXSeries for Multiplatforms | 9.1 |
| IBM | IBM License Metric Tool | 9.2 |
| IBM | IBM TXSeries for Multiplatforms | 8.1 |
| IBM | IBM WebSphere Service Registry and Repository | 8.5 |
| IBM | IBM Rational ClearCase | 9.1 |
| IBM | IBM Rational ClearQuest | |
| IBM | IBM MQ | 9.1.0 |
| IBM | IBM WebSphere Application Server | 9.0 |
…and 16 more
Exploit Intelligence
- cve-2023-22527-yara.yar (github-yara)
Timeline
- Feb 8, 2024 PoC Published
- Apr 16, 2024 CVE Published
- Apr 17, 2024 EPSS Score
- May 12, 2024 EPSS Score
- Jun 6, 2024 EPSS Score
- Jul 1, 2024 EPSS Score
- Jul 26, 2024 EPSS Score
- Aug 19, 2024 EPSS Score
- Sep 13, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 8, 2024 EPSS Score
- Nov 2, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0906.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0906 advisory
- https://www.ibm.com/support/pages/node/7148380 advisory
- https://www.ibm.com/support/pages/node/7148426 advisory
- https://www.ibm.com/support/pages/node/7148501 advisory
- https://www.ibm.com/support/pages/node/7148751 advisory
- https://www.ibm.com/support/pages/node/7148974 advisory
- https://www.ibm.com/support/pages/node/7148976 advisory
- https://www.ibm.com/support/pages/node/7149055 advisory
- https://www.ibm.com/support/pages/node/7149579 advisory
- https://www.ibm.com/support/pages/node/7150669 advisory
- https://www.ibm.com/support/pages/node/7155114 advisory
- https://www.ibm.com/support/pages/node/7156268 advisory
- https://www.ibm.com/support/pages/node/7156265 advisory
- https://www.ibm.com/support/pages/node/7145534 advisory
- https://www.ibm.com/support/pages/node/7158639 advisory
- https://www.ibm.com/support/pages/node/7157976 advisory
- https://www.ibm.com/support/pages/node/7158959 advisory
- https://www.ibm.com/support/pages/node/7159010 advisory
- https://www.ibm.com/support/pages/node/7159670 advisory
…and 14 more