CVE-2024-22329

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 89.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Websphere Application ServerIBM Websphere Application Server Liberty
Timeline
PublishedApr 17

Description

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5ibm/websphere_application_server_liberty17.0.0.324.0.0.3
NVDibm/websphere_application_server8.5.0.08.5.5.26+2

🔴Vulnerability Details

2
GHSA
GHSA-7qc7-mcjv-jr2h: IBM WebSphere Application Server 82024-04-17
CVEList
IBM WebSphere Application Server server-side request forgery2024-04-17
CVE-2024-22329 (MEDIUM CVSS 4.3) | IBM WebSphere Application Server 8. | cvebase.io