THREATINT
PUBLISHED

CVE-2024-35154

IBM WebSphere Application Server code execution



Assigner: ibm
Reserved: 2024-05-09
Published: 2024-07-09
Updated: 2024-08-02

Description

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.



HIGH: 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-250 Execution with Unnecessary Privileges

Product status

Default status
unaffected

8.5, 9.0
affected

Credits

Kin Hung Cheng 0x4006668100

References

https://www.ibm.com/support/pages/node/7159825 vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 vdb-entry

cve.org CVE-2024-35154

nvd.nist.gov CVE-2024-35154
