CVE-2024-22354 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-22354 PUBLISHED CVSS 9.300000190734863 CRITICAL

Es existiert eine Schwachstelle in IBM WebSphere Application Server. Der Fehler besteht aufgrund eines XML External Entity Injection (XXE)-Angriffs bei der Verarbeitung von XML-Daten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen, Speicherressourcen zu verbrauchen oder einen serverseitigen Request Forgery-Angriff durchzuführen.

EPSS 0.02% · 4.7th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

4.7th percentile

Affected Products

Vendor	Product	Versions
HCL	HCL BigFix Compliance <2.0.12
IBM	IBM WebSphere Application Server Liberty <=24.0.0.3
HCL	HCL AppScan Enterprise <10.7.0
IBM	IBM Rational ClearCase 10.0.0
IBM	IBM Maximo Asset Management 7.6.7
IBM	IBM Storage Scale <5.2.1.0
HCL	HCL Commerce 8.x
HCL	HCL Commerce 9.1.0-9.1.15
IBM	IBM Maximo Asset Management 7.6.8
IBM	IBM Maximo Asset Management 7.6.1.2
IBM	IBM Rational ClearCase
IBM	IBM InfoSphere Information Server 11.7
IBM	IBM TXSeries for Multiplatforms 9.1
IBM	IBM License Metric Tool 9.2
IBM	IBM TXSeries for Multiplatforms 8.1
IBM	IBM WebSphere Service Registry and Repository 8.5
IBM	IBM Rational ClearCase 9.1
IBM	IBM Rational ClearQuest
IBM	IBM MQ 9.1.0
IBM	IBM WebSphere Application Server 9.0

…and 16 more

Timeline

Feb 8, 2024 PoC Published
Apr 16, 2024 CVE Published
Apr 17, 2024 EPSS Score
May 11, 2024 EPSS Score
Jun 5, 2024 EPSS Score
Jun 29, 2024 EPSS Score
Jul 23, 2024 EPSS Score
Aug 17, 2024 EPSS Score
Sep 10, 2024 EPSS Score
Oct 4, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 29, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0906.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0906 advisory
https://www.ibm.com/support/pages/node/7148380 advisory
https://www.ibm.com/support/pages/node/7148426 advisory
https://www.ibm.com/support/pages/node/7148501 advisory
https://www.ibm.com/support/pages/node/7148751 advisory
https://www.ibm.com/support/pages/node/7148974 advisory
https://www.ibm.com/support/pages/node/7148976 advisory
https://www.ibm.com/support/pages/node/7149055 advisory
https://www.ibm.com/support/pages/node/7149579 advisory
https://www.ibm.com/support/pages/node/7150669 advisory
https://www.ibm.com/support/pages/node/7155114 advisory
https://www.ibm.com/support/pages/node/7156268 advisory
https://www.ibm.com/support/pages/node/7156265 advisory
https://www.ibm.com/support/pages/node/7145534 advisory
https://www.ibm.com/support/pages/node/7158639 advisory
https://www.ibm.com/support/pages/node/7157976 advisory
https://www.ibm.com/support/pages/node/7158959 advisory
https://www.ibm.com/support/pages/node/7159010 advisory
https://www.ibm.com/support/pages/node/7159670 advisory

…and 14 more

Open in Interactive Console →