← voltar
CVE-2024-22354

IBM WebSphere Application Server XML external entity injection

CVSS 7 HIGHEPSS 0.6%CWE-611
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
17 abr 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Produtos afetados
IBM · WebSphere Application ServerIBM · WebSphere Application Server Liberty

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://exchange.xforce.ibmcloud.com/vulnerabilities/280401https://www.ibm.com/support/pages/node/7148426