CVE-2024-45072
Severity
5.5MEDIUM
EPSS
0.0%
top 87.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 16
Description
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:LExploitability: 1.2 | Impact: 4.2