CVE-2024-35154: Execution with Unnecessary Privileges in IBM WebSphere Application Server

Severity: 7.2 HIGH (NVD)
EPSS: 0.3% (top 48.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 9; Latest update Jul 10

Description

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

NVD: ibm/websphere_application_server 8.5.0.0 8.5.5.25 +1

Vulnerability Details (2)

GHSA: GHSA-p6pr-8hcj-hmv4: IBM WebSphere Application Server 8 (2024-07-10)
CVEList: IBM WebSphere Application Server code execution (2024-07-09)