Overview
- Description: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
- Source: psirt@us.ibm.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 5.5
- Impact score: 4.2
- Exploitability score: 1.2
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
- Severity: MEDIUM
Weaknesses
- psirt@us.ibm.com: CWE-611
Social media
- Hype score
- Not currently trending
CVE-2024-45072 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit … https://t.co/CeLaEimSQo
@CVEnew
PH63541:IBM WEBSPHERE APPLICATION SERVER IS VULNERABLE TO AN XML EXTERNAL ENTITY INJECTION (XXE) VULNERABILITY (CVE-2024-45072 CVSS 5.5)
@asdfg12346782
CVE-2024-45072 XML External Entity Injection in IBM WebSphere Risks Data Exposure IBM WebSphere Application Server versions 8.5 and 9.0 have an XML External Entity Injection (XXE) vulnerability. This issue occurs... https://t.co/EzMenUfmcj
@VulmonFeeds
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7953E024-F84E-4277-BA52-93F5B1091E23",
            "versionEndIncluding": "8.5.5.26",
            "versionStartIncluding": "8.5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "185CEF83-9BF7-4567-B2EC-CCF59F567AF3",
            "versionEndIncluding": "9.0.5.21",
            "versionStartIncluding": "9.0.0.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
          },
          {
            "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21"
          },
          {
            "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          },
          {
            "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]