CVE-2024-35154

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code.  Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  292641.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
ibmwebsphere_application_server
8.5.0.0 ≤
𝑥
≤ 8.5.5.25
ibmwebsphere_application_server
9.0.0.0 ≤
𝑥
≤ 9.0.5.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/292641
https://www.ibm.com/support/pages/node/7159825
https://exchange.xforce.ibmcloud.com/vulnerabilities/292641
https://www.ibm.com/support/pages/node/7159825