Potential for Credentials Disclosure through Stored Cross-Site Scripting

CVE-2024-45073
4.8MEDIUM

Key Information

Vendor
IBM
Status
Websphere Application Server
Vendor
CVE Published:
30 September 2024

Summary

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Affected Version(s)

WebSphere Application Server = 8.5, 9.0

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published.

Collectors

NVD DatabaseMitre Database
.