CVE-2024-56339 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
ibm	CNA	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Vendor	Product	Version
ibm	websphere_application_server	17.0.0.3 ≤ 𝑥 ≤ 25.0.0.7
ibm	websphere_application_server	9.0.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-650 - Trusting HTTP Permission Methods on the Server Side
The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.

Vulnerability Media Exposure

[GERMAN] IBM WebSphere Application Server: Schwachstelle ermöglicht Offenlegung von Informationen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um Informationen offenzulegen.
Published: 2025-07-17T22:00:00+00:00

References

https://www.ibm.com/support/pages/node/7239955