Arbitrary Code Execution Vulnerability in WebSphere Application Server 8.5 and 9.0
CVE-2024-35154

7.2HIGH

Key Information:

Vendor: IBM
Status: Websphere Application Server
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-35154?

IBM WebSphere Application Server versions 8.5 and 9.0 contain a vulnerability that could be exploited by a remote authenticated attacker who has access to the administrative console. By sending specially crafted input, the attacker may execute arbitrary code on the system, potentially leading to unauthorized actions or data compromise. This vulnerability highlights the importance of securing access to administrative interfaces and monitoring for suspicious activity within these applications.

Affected Version(s)

WebSphere Application Server 8.5, 9.0

References

https://www.ibm.com/support/pages/node/7159825

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/292641

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024

Credit

Kin Hung Cheng