VDB
CVE-2024-27270
CVE-2024-27270
PUBLISHED
In IBM WebSphere Application Server existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
EPSS 0.09% · 25.2th percentile
Risk Scores
EPSS Score
0.09%
25.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM Business Automation Workflow | |
| HCL | HCL Commerce 9.0-9.0.1.21 | |
| IBM | IBM TXSeries for Multiplatforms 8.1 | |
| HCL | HCL BigFix Compliance v2.0.x | |
| IBM | IBM TXSeries for Multiplatforms 9.1 | |
| IBM | IBM SPSS Collaboration and Deployment Services | |
| IBM | IBM TXSeries for Multiplatforms 8.2 | |
| IBM | IBM WebSphere Application Server Liberty <24.0.0.4 | |
| HCL | HCL Commerce 9.1.0-9.1.15 | |
| IBM | IBM WebSphere Application Server 23.0.0.3-24.0.0.3 |
Timeline
- Mar 26, 2024 CVE Published
- Mar 28, 2024 EPSS Score
- Apr 23, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jun 13, 2024 EPSS Score
- Jul 8, 2024 EPSS Score
- Aug 3, 2024 EPSS Score
- Aug 29, 2024 EPSS Score
- Sep 23, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 19, 2024 EPSS Score
- Nov 13, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0716.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0716 advisory
- https://www.ibm.com/support/pages/node/7145231 advisory
- https://www.ibm.com/support/pages/node/7150669 advisory
- https://www.ibm.com/support/pages/node/7156270 advisory
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113892 advisory
- https://www.ibm.com/support/pages/node/7169557 advisory
- https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0115352 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1488.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1488 advisory
- https://www.ibm.com/support/pages/node/7158440 advisory
- https://www.ibm.com/support/pages/node/7158441 advisory
- https://www.ibm.com/support/pages/node/7159065 advisory
- https://www.ibm.com/support/pages/node/7158448 advisory
- https://www.ibm.com/support/pages/node/7158443 advisory
- https://www.ibm.com/support/pages/node/7159064 advisory
- https://www.ibm.com/support/pages/node/7159048 advisory
- https://www.ibm.com/support/pages/node/7158595 advisory
- https://www.ibm.com/support/pages/node/7159049 advisory
- https://www.ibm.com/support/pages/node/7158447 advisory
…and 11 more