CVE-2024-22354 – IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty …

17 April 2024

Vuln ID: CVE-2024-22354

Published: 2024-04-17 01:15:06.747

Description: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.

Base Score: 7 – HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Source: NVD.NIST.GOV

Date:

17 April 2024

Categorie(s):

NVD

Tag(s):

NVD

An Empty S3 Bucket Can Make Your AWS Bills Explode30 April 2024
Triangulation fraud: The costly scam hitting online retailers30 April 2024
Tracecat: Open-source SOAR30 April 2024
Why the automotive sector is a target for email-based cyber attacks30 April 2024
Passwords under seven characters can be easily cracked30 April 2024