CVE-2024-35154
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | WebSphere Application Server | 8.5, 9.0 | affected |
Weaknesses
- CWE-250: CWE-250 Execution with Unnecessary Privileges
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/7159825
- https://exchange.xforce.ibmcloud.com/vulnerabilities/292641
References
- https://www.ibm.com/support/pages/node/7159825
- https://exchange.xforce.ibmcloud.com/vulnerabilities/292641
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.