THREATINT

CVE
PUBLISHED

CVE-2024-35154

IBM WebSphere Application Server code execution

Assigner: ibm
Reserved: 2024-05-09
Published: 2024-07-09
Updated: 2024-07-10

Description

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.



HIGH: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-250 Execution with Unnecessary Privileges

Product status

Default status: unaffected

8.5, 9.0: affected

Credits

Kin Hung Cheng (finder)

References

https://www.ibm.com/support/pages/node/7159825 (vendor-advisory)

https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 (vdb-entry)

cve.org CVE-2024-35154

nvd.nist.gov CVE-2024-35154
