Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-22354 (GCVE-0-2024-22354)
Vulnerability from cvelistv5 – Published: 2024-04-17 01:07 – Updated: 2024-08-01 22:43
VLAI
EPSS
Title
IBM WebSphere Application Server XML external entity injection
Summary
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.
Severity
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7148426 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
8.5, 9.0
cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* |
|
| IBM | WebSphere Application Server Liberty |
Affected:
17.0.0.3 , ≤ 24.0.0.5
(semver)
Affected: cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:* (cpe) Affected: cpe:2.3:a:ibm:websphere_application_server:24.0.0.5:*:*:*:liberty:*:*:* (cpe) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T20:07:43.509606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T20:07:50.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7148426"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WebSphere Application Server Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "24.0.0.5",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*",
"versionType": "cpe"
},
{
"status": "affected",
"version": "cpe:2.3:a:ibm:websphere_application_server:24.0.0.5:*:*:*:liberty:*:*:*",
"versionType": "cpe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.\u003c/span\u003e"
}
],
"value": "IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T19:35:18.159Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148426"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280401"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM WebSphere Application Server XML external entity injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22354",
"datePublished": "2024-04-17T01:07:58.187Z",
"dateReserved": "2024-01-08T23:42:36.757Z",
"dateUpdated": "2024-08-01T22:43:34.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-22354",
"date": "2026-05-27",
"epss": "0.00019",
"percentile": "0.05273"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-22354\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-04-17T01:15:06.747\",\"lastModified\":\"2025-03-06T19:21:14.557\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.\"},{\"lang\":\"es\",\"value\":\"IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a un ataque de inyecci\u00f3n de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial, consumir recursos de memoria o realizar un ataque de server-side request forgery. ID de IBM X-Force: 280401.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*\",\"versionStartIncluding\":\"8.5.0.0\",\"versionEndExcluding\":\"8.5.5.26\",\"matchCriteriaId\":\"60817E19-772E-41E5-A26C-CA22271E6B0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*\",\"versionStartIncluding\":\"9.0.0.0\",\"versionEndExcluding\":\"9.0.5.20\",\"matchCriteriaId\":\"8E4EFF90-4986-4731-B7FF-5B84FC1D237E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*\",\"versionStartIncluding\":\"17.0.0.3\",\"versionEndExcluding\":\"24.0.0.6\",\"matchCriteriaId\":\"64CB0E7B-4685-497B-B167-F7C7BC42B4D6\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/280401\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7148426\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/280401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7148426\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22354\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-28T20:07:43.509606Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-28T20:07:47.845Z\"}}], \"cna\": {\"title\": \"IBM WebSphere Application Server XML external entity injection\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"WebSphere Application Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.5, 9.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"IBM\", \"product\": \"WebSphere Application Server Liberty\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.0.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"24.0.0.5\"}, {\"status\": \"affected\", \"version\": \"cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*\", \"versionType\": \"cpe\"}, {\"status\": \"affected\", \"version\": \"cpe:2.3:a:ibm:websphere_application_server:24.0.0.5:*:*:*:liberty:*:*:*\", \"versionType\": \"cpe\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7148426\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/280401\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611 Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-05-22T19:35:18.159Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-22354\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-06-28T20:07:50.938Z\", \"dateReserved\": \"2024-01-08T23:42:36.757Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2024-04-17T01:07:58.187Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-1015
Vulnerability from certfr_avis - Published: 2024-11-22 - Updated: 2024-11-22
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les vulnérabilités CVE-2024-47875 et CVE-2024-45801 n'ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.1 | ||
| IBM | QRadar | QRadar Pulse App versions antérieures à 2.2.15 | ||
| IBM | WebSphere | WebSphere Hybrid Edition sans le correctif APAR PH63533 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.25 | ||
| IBM | AIX | AIX version 7.3 sans le correctif bind_fix27/73bind918.tar | ||
| IBM | VIOS | VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar | ||
| IBM | WebSphere | WebSphere Application Server Liberty sans le correctif APAR PH63533 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à 2.3.5.0 pour Power avec le correctif PH60195/PH61002 | ||
| IBM | AIX | AIX version 7.2 sans le correctif bind_fix27/72bind918.tar | ||
| IBM | VIOS | VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.26 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à 2.3.4.1 pour Intel avec le correctif PH60195/PH61002 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11 | ||
| IBM | QRadar | QRadar User Behavior Analytics versions antérieures à 4.1.17 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.15",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition sans le correctif APAR PH63533",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.25",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 sans le correctif bind_fix27/73bind918.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty sans le correctif APAR PH63533",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.5.0 pour Power avec le correctif PH60195/PH61002",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.2 sans le correctif bind_fix27/72bind918.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.26",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.4.1 pour Intel avec le correctif PH60195/PH61002",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.17",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "Les vuln\u00e9rabilit\u00e9s CVE-2024-47875 et CVE-2024-45801 n\u0027ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2024-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34351"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2024-46982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46982"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"initial_release_date": "2024-11-22T00:00:00",
"last_revision_date": "2024-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176657",
"url": "https://www.ibm.com/support/pages/node/7176657"
},
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176642",
"url": "https://www.ibm.com/support/pages/node/7176642"
},
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176660",
"url": "https://www.ibm.com/support/pages/node/7176660"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176201",
"url": "https://www.ibm.com/support/pages/node/7176201"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176391",
"url": "https://www.ibm.com/support/pages/node/7176391"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176392",
"url": "https://www.ibm.com/support/pages/node/7176392"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176386",
"url": "https://www.ibm.com/support/pages/node/7176386"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176389",
"url": "https://www.ibm.com/support/pages/node/7176389"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176451",
"url": "https://www.ibm.com/support/pages/node/7176451"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176388",
"url": "https://www.ibm.com/support/pages/node/7176388"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176205",
"url": "https://www.ibm.com/support/pages/node/7176205"
}
]
}
CERTFR-2024-AVI-1051
Vulnerability from certfr_avis - Published: 2024-12-06 - Updated: 2024-12-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | VIOS | VIOS version 3.1 sans le correctif invscout_fix7.tar | ||
| IBM | AIX | AIX version 7.3 sans le correctif invscout_fix7.tar | ||
| IBM | Cognos Controller | Cognos Controller versions 11.0.x antérieures à 11.0.1 FP3 | ||
| IBM | AIX | AIX version 7.2 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.x antérieures à 6.2.2.2 | ||
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.0.0 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | VIOS | VIOS version 4.1 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.x antérieures à 6.2.3.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VIOS version 3.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.0.x ant\u00e9rieures \u00e0 11.0.1 FP3",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.2 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.2.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.3.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-47115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47115"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2021-22959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25020"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2024-41777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41777"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-22940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2021-22930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
},
{
"name": "CVE-2024-25035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25035"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2021-22918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2021-22939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
},
{
"name": "CVE-2021-44532",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2022-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0155"
},
{
"name": "CVE-2021-22960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
},
{
"name": "CVE-2024-41776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41776"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-25019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25019"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2021-22921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22921"
},
{
"name": "CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2021-29892",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29892"
},
{
"name": "CVE-2024-45676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45676"
},
{
"name": "CVE-2023-49735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
},
{
"name": "CVE-2024-40691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40691"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2024-41775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41775"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"name": "CVE-2021-22931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2021-44533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2022-21824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2024-25036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25036"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2021-44531",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"initial_release_date": "2024-12-06T00:00:00",
"last_revision_date": "2024-12-06T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178033",
"url": "https://www.ibm.com/support/pages/node/7178033"
},
{
"published_at": "2024-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178054",
"url": "https://www.ibm.com/support/pages/node/7178054"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177220",
"url": "https://www.ibm.com/support/pages/node/7177220"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177981",
"url": "https://www.ibm.com/support/pages/node/7177981"
}
]
}
CERTFR-2025-AVI-0106
Vulnerability from certfr_avis - Published: 2025-02-07 - Updated: 2025-02-07
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 12.x antérieures à 12.0.4 IF2 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x antérieures à 3.12.15 | ||
| IBM | Db2 | IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions 3.5 à 4.8 antérieures à v4.8.8 | ||
| IBM | Security QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 12.x ant\u00e9rieures \u00e0 12.0.4 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.15",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions 3.5 \u00e0 4.8 ant\u00e9rieures \u00e0 v4.8.8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11",
"product": {
"name": "Security QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2020-21469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21469"
},
{
"name": "CVE-2024-45020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45020"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2023-51714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51714"
},
{
"name": "CVE-2021-47366",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47366"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2024-36361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36361"
},
{
"name": "CVE-2024-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2019-9641",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9641"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-39503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2016-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
},
{
"name": "CVE-2024-38608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38608"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-49352",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49352"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2020-20703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-20703"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2022-48968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48968"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2019-9638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9638"
},
{
"name": "CVE-2022-49016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49016"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2019-9639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9639"
},
{
"name": "CVE-2023-28154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
},
{
"name": "CVE-2024-27062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27062"
},
{
"name": "CVE-2024-35839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35839"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2024-46820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46820"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4317"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2024-38586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38586"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-45769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45769"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2018-20506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
},
{
"name": "CVE-2018-20346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
},
{
"name": "CVE-2024-46845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46845"
},
{
"name": "CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2022-49003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49003"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2024-35898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35898"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-44935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44935"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2019-9020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9020"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2019-9023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9023"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2024-41942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41942"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45770"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2022-48773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48773"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-24857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24857"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-29736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29736"
},
{
"name": "CVE-2019-9021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9021"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2023-52921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52921"
},
{
"name": "CVE-2024-53677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53677"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2019-20478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20478"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2023-50314",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2018-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20505"
},
{
"name": "CVE-2024-32007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32007"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
}
],
"initial_release_date": "2025-02-07T00:00:00",
"last_revision_date": "2025-02-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0106",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7182424",
"url": "https://www.ibm.com/support/pages/node/7182424"
},
{
"published_at": "2025-02-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7182335",
"url": "https://www.ibm.com/support/pages/node/7182335"
},
{
"published_at": "2025-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7181898",
"url": "https://www.ibm.com/support/pages/node/7181898"
},
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7181480",
"url": "https://www.ibm.com/support/pages/node/7181480"
},
{
"published_at": "2025-02-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7182696",
"url": "https://www.ibm.com/support/pages/node/7182696"
}
]
}
CERTFR-2025-AVI-0924
Vulnerability from certfr_avis - Published: 2025-10-24 - Updated: 2025-10-24
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Security QRadar Network Threat | Security QRadar Network Threat Analytics versions antérieures à 1.4.1 | ||
| IBM | Security QRadar Log Management AQL | Greffon Security QRadar Log Management AQL versions antérieures à 1.1.3 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.4.0.x antérieures à 6.4.0.0 iFix02 | ||
| IBM | Spectrum | Spectrum Symphony versions antérieures à 7.3.2 sans le correctif 602717 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix05 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services 6.4.x antérieures à 6.4.0.4 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services 6.3.x antérieures à 6.3.0.15 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Network Threat Analytics versions ant\u00e9rieures \u00e0 1.4.1",
"product": {
"name": "Security QRadar Network Threat",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Greffon Security QRadar Log Management AQL versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "Security QRadar Log Management AQL",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.0 iFix02",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Symphony versions ant\u00e9rieures \u00e0 7.3.2 sans le correctif 602717",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix05",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-38821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38821"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2023-50314",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2025-10-24T00:00:00",
"last_revision_date": "2025-10-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0924",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248583",
"url": "https://www.ibm.com/support/pages/node/7248583"
},
{
"published_at": "2025-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248935",
"url": "https://www.ibm.com/support/pages/node/7248935"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249065",
"url": "https://www.ibm.com/support/pages/node/7249065"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249063",
"url": "https://www.ibm.com/support/pages/node/7249063"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249064",
"url": "https://www.ibm.com/support/pages/node/7249064"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249062",
"url": "https://www.ibm.com/support/pages/node/7249062"
},
{
"published_at": "2025-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249013",
"url": "https://www.ibm.com/support/pages/node/7249013"
},
{
"published_at": "2025-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248293",
"url": "https://www.ibm.com/support/pages/node/7248293"
},
{
"published_at": "2025-10-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248548",
"url": "https://www.ibm.com/support/pages/node/7248548"
}
]
}
CERTFR-2025-AVI-1131
Vulnerability from certfr_avis - Published: 2025-12-19 - Updated: 2025-12-19
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 Warehouse | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.0 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 versions antérieures à 7.5.0 UP14 IF03 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.0.x antérieures à 6.3.0.16 | ||
| IBM | QRadar | QRadar Suite Software versions 1.11.x antérieures à 1.11.8.0 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.0.x antérieures à 6.4.0.5 | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x antérieures à 6.2.4.5 | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x antérieures à 6.2.3.5 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.0 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.3 | ||
| IBM | Db2 | Db2 Intelligence Center versions 1.1.x antérieures à 1.1.3.0 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x antérieures à 6.2.4.2 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x antérieures à 6.2.3.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.0",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 versions ant\u00e9rieures \u00e0 7.5.0 UP14 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.16",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.11.x ant\u00e9rieures \u00e0 1.11.8.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.5",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.5 ",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5 ",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.0",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.3",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Intelligence Center versions 1.1.x ant\u00e9rieures \u00e0 1.1.3.0",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2025-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2021-26272",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26272"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-39761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39761"
},
{
"name": "CVE-2024-49350",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49350"
},
{
"name": "CVE-2025-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39883"
},
{
"name": "CVE-2025-36131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2024-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2021-47621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47621"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-61912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61912"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2025-55198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55198"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2022-25927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2025-1992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1992"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-36136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
},
{
"name": "CVE-2025-38724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38724"
},
{
"name": "CVE-2020-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
},
{
"name": "CVE-2025-36008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36008"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-39718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39718"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
},
{
"name": "CVE-2023-34055",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
},
{
"name": "CVE-2025-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
},
{
"name": "CVE-2025-55182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2025-6493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6493"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-33012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-41235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41235"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2023-53539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53539"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2518"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2024-38827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38827"
},
{
"name": "CVE-2025-38292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38292"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-55199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55199"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2025-59250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
},
{
"name": "CVE-2025-1493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1493"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-3050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3050"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2021-26271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26271"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-38821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38821"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-39825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39825"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2023-53401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53401"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0915"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2025-38351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38351"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-52903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52903"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2020-9281",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9281"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1000"
},
{
"name": "CVE-2022-3697",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3697"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2023-53513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53513"
},
{
"name": "CVE-2025-33134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2023-39804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39804"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2022-50543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50543"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2025-61911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61911"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2025-14687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14687"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-47287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2025-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36185"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2025-12-19T00:00:00",
"last_revision_date": "2025-12-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1131",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7252732",
"url": "https://www.ibm.com/support/pages/node/7252732"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7254815",
"url": "https://www.ibm.com/support/pages/node/7254815"
},
{
"published_at": "2025-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255060",
"url": "https://www.ibm.com/support/pages/node/7255060"
},
{
"published_at": "2025-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255154",
"url": "https://www.ibm.com/support/pages/node/7255154"
},
{
"published_at": "2025-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255095",
"url": "https://www.ibm.com/support/pages/node/7255095"
},
{
"published_at": "2025-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7254849",
"url": "https://www.ibm.com/support/pages/node/7254849"
},
{
"published_at": "2025-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7254850",
"url": "https://www.ibm.com/support/pages/node/7254850"
},
{
"published_at": "2025-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255160",
"url": "https://www.ibm.com/support/pages/node/7255160"
},
{
"published_at": "2025-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255065",
"url": "https://www.ibm.com/support/pages/node/7255065"
}
]
}
CNVD-2024-19020
Vulnerability from cnvd - Published: 2024-04-22
VLAI
Title
IBM WebSphere Application Server和IBM WebSphere Application Server Liberty XML外部实体注入漏洞
Description
IBM WebSphere Application Server(WAS)和IBM WebSphere Application Server Liberty都是美国国际商业机器(IBM)公司的产品。IBM WebSphere Application Server是一款应用服务器产品。该产品是JavaEE和Web服务应用程序的平台,也是IBMWebSphere软件平台的基础。IBM WebSphere Application Server Liberty是一款构建于Open Liberty项目之上的Java应用程序服务器。
IBM WebSphere Application Server和IBM WebSphere Application Server Liberty存在XML外部实体注入漏洞,攻击者可利用该漏洞获取敏感信息、消耗内存资源或执行服务器端请求伪造攻击。
Severity
中
Patch Name
IBM WebSphere Application Server和IBM WebSphere Application Server Liberty XML外部实体注入漏洞的补丁
Patch Description
IBM WebSphere Application Server(WAS)和IBM WebSphere Application Server Liberty都是美国国际商业机器(IBM)公司的产品。IBM WebSphere Application Server是一款应用服务器产品。该产品是JavaEE和Web服务应用程序的平台,也是IBMWebSphere软件平台的基础。IBM WebSphere Application Server Liberty是一款构建于Open Liberty项目之上的Java应用程序服务器。
IBM WebSphere Application Server和IBM WebSphere Application Server Liberty存在XML外部实体注入漏洞,攻击者可利用该漏洞获取敏感信息、消耗内存资源或执行服务器端请求伪造攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.ibm.com/support/pages/node/7148426
Reference
https://cxsecurity.com/cveshow/CVE-2024-22354/
Impacted products
| Name | ['IBM WebSphere Application Server 9.0', 'IBM WebSphere Application Server 8.5', 'IBM WebSphere Application Server Liberty >=17.0.0.3,<=24.0.0.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-22354"
}
},
"description": "IBM WebSphere Application Server\uff08WAS\uff09\u548cIBM WebSphere Application Server Liberty\u90fd\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002IBM WebSphere Application Server\u662f\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u662fJavaEE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBMWebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002IBM WebSphere Application Server Liberty\u662f\u4e00\u6b3e\u6784\u5efa\u4e8eOpen Liberty\u9879\u76ee\u4e4b\u4e0a\u7684Java\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u3002 \n\nIBM WebSphere Application Server\u548cIBM WebSphere Application Server Liberty\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3001\u6d88\u8017\u5185\u5b58\u8d44\u6e90\u6216\u6267\u884c\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u653b\u51fb\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/7148426",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-19020",
"openTime": "2024-04-22",
"patchDescription": "IBM WebSphere Application Server\uff08WAS\uff09\u548cIBM WebSphere Application Server Liberty\u90fd\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002IBM WebSphere Application Server\u662f\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u662fJavaEE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBMWebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002IBM WebSphere Application Server Liberty\u662f\u4e00\u6b3e\u6784\u5efa\u4e8eOpen Liberty\u9879\u76ee\u4e4b\u4e0a\u7684Java\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u3002 \r\n\r\nIBM WebSphere Application Server\u548cIBM WebSphere Application Server Liberty\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3001\u6d88\u8017\u5185\u5b58\u8d44\u6e90\u6216\u6267\u884c\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "IBM WebSphere Application Server\u548cIBM WebSphere Application Server Liberty XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"IBM WebSphere Application Server 9.0",
"IBM WebSphere Application Server 8.5",
"IBM WebSphere Application Server Liberty \u003e=17.0.0.3\uff0c\u003c=24.0.0.3"
]
},
"referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-22354/",
"serverity": "\u4e2d",
"submitTime": "2024-04-17",
"title": "IBM WebSphere Application Server\u548cIBM WebSphere Application Server Liberty XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e"
}
FKIE_CVE-2024-22354
Vulnerability from fkie_nvd - Published: 2024-04-17 01:15 - Updated: 2025-03-06 19:21
Severity
7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Summary
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/280401 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7148426 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/280401 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7148426 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_application_server | * | |
| ibm | websphere_application_server | * | |
| ibm | websphere_application_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "60817E19-772E-41E5-A26C-CA22271E6B0A",
"versionEndExcluding": "8.5.5.26",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8E4EFF90-4986-4731-B7FF-5B84FC1D237E",
"versionEndExcluding": "9.0.5.20",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
"matchCriteriaId": "64CB0E7B-4685-497B-B167-F7C7BC42B4D6",
"versionEndExcluding": "24.0.0.6",
"versionStartIncluding": "17.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a un ataque de inyecci\u00f3n de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial, consumir recursos de memoria o realizar un ataque de server-side request forgery. ID de IBM X-Force: 280401."
}
],
"id": "CVE-2024-22354",
"lastModified": "2025-03-06T19:21:14.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-17T01:15:06.747",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280401"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148426"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
GHSA-CXQ5-8MC6-XPRF
Vulnerability from github – Published: 2024-04-17 03:30 – Updated: 2024-04-17 03:30
VLAI
Details
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.
Severity
7.0 (High)
{
"affected": [],
"aliases": [
"CVE-2024-22354"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T01:15:06Z",
"severity": "HIGH"
},
"details": "\nIBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.\n\n",
"id": "GHSA-cxq5-8mc6-xprf",
"modified": "2024-04-17T03:30:37Z",
"published": "2024-04-17T03:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22354"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280401"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7148426"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GSD-2024-22354
Vulnerability from gsd - Updated: 2024-01-09 06:02Details
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-22354"
],
"details": "\nIBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.\n\n",
"id": "GSD-2024-22354",
"modified": "2024-01-09T06:02:15.321317Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2024-22354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5, 9.0"
}
]
}
},
{
"product_name": "WebSphere Application Server Liberty",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "17.0.0.3",
"version_value": "24.0.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nIBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-611",
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/7148426",
"refsource": "MISC",
"url": "https://www.ibm.com/support/pages/node/7148426"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280401",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280401"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "\nIBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.\n\n"
},
{
"lang": "es",
"value": "IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a un ataque de inyecci\u00f3n de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial, consumir recursos de memoria o realizar un ataque de server-side request forgery. ID de IBM X-Force: 280401."
}
],
"id": "CVE-2024-22354",
"lastModified": "2024-04-17T12:48:07.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2024-04-17T01:15:06.747",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280401"
},
{
"source": "psirt@us.ibm.com",
"url": "https://www.ibm.com/support/pages/node/7148426"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
}
}
}
WID-SEC-W-2024-0906
Vulnerability from csaf_certbund - Published: 2024-04-16 22:00 - Updated: 2024-11-20 23:00Summary
IBM WebSphere Application Server: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM WebSphere Application Server ist ein J2EE-Applikationsserver.
Angriff: Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen und vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Sonstiges
- Windows
Es existiert eine Schwachstelle in IBM WebSphere Application Server. Der Fehler besteht aufgrund einer serverseitigen Request Forgery. Ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries for Multiplatforms 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
for Multiplatforms 8.1 | |
|
IBM TXSeries for Multiplatforms 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
for Multiplatforms 8.2 | |
|
IBM TXSeries for Multiplatforms 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
for Multiplatforms 9.1 | |
|
HCL Commerce 9.1.0-9.1.15
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.15
|
9.1.0-9.1.15 | |
|
HCL Commerce 9.0-9.0.1.21
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:9.0_-_9.0.1.21
|
9.0-9.0.1.21 | |
|
IBM Rational ClearQuest
IBM
|
cpe:/a:ibm:rational_clearquest:-
|
— | |
|
IBM InfoSphere Identity Insight 10.0.0.0
IBM / InfoSphere Identity Insight
|
cpe:/a:ibm:infosphere_identity_insight:10.0.0.0
|
10.0.0.0 | |
|
HCL Commerce 8.x
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:8.x
|
8.x | |
|
IBM WebSphere Application Server 8.5
IBM / WebSphere Application Server
|
cpe:/a:ibm:websphere_application_server:8.5
|
8.5 | |
|
IBM WebSphere Application Server 9.0
IBM / WebSphere Application Server
|
cpe:/a:ibm:websphere_application_server:9.0
|
9 | |
|
IBM Maximo Asset Management 7.6.8
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.8
|
7.6.8 | |
|
IBM Maximo Asset Management 7.6.6
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.6
|
7.6.6 | |
|
IBM Maximo Asset Management 7.6.7
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.7
|
7.6.7 | |
|
IBM Business Automation Workflow
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:traditional
|
— | |
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM Maximo Asset Management 7.6.1.2
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1.2
|
7.6.1.2 | |
|
IBM Tivoli Monitoring 6.3.0.7
IBM / Tivoli Monitoring
|
cpe:/a:ibm:tivoli_monitoring:6.3.0.7
|
6.3.0.7 | |
|
IBM MQ
IBM / MQ
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Maximo Asset Management 7.6.1.3
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1.3
|
7.6.1.3 | |
|
IBM Rational ClearCase 10.0.0
IBM / Rational ClearCase
|
cpe:/a:ibm:rational_clearcase:10.0.0
|
10.0.0 | |
|
HCL AppScan Enterprise <10.7.0
HCL / AppScan Enterprise
|
<10.7.0 | ||
|
IBM InfoSphere Identity Insight 9.0.0.1
IBM / InfoSphere Identity Insight
|
cpe:/a:ibm:infosphere_identity_insight:9.0.0.1
|
9.0.0.1 | |
|
HCL BigFix Compliance <2.0.12
HCL / BigFix
|
Compliance <2.0.12 | ||
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM MQ 9.1.0
IBM / MQ
|
cpe:/a:ibm:mq:9.1.0
|
9.1.0 | |
|
IBM Rational ClearCase 9.1
IBM / Rational ClearCase
|
cpe:/a:ibm:rational_clearcase:9.1
|
9.1 | |
|
HCL BigFix Inventory
HCL / BigFix
|
cpe:/a:hcltech:bigfix:inventory
|
Inventory | |
|
IBM Storage Scale <5.2.1.0
IBM / Storage Scale
|
<5.2.1.0 | ||
|
IBM MQ 9.3.0
IBM / MQ
|
cpe:/a:ibm:mq:9.3.0
|
9.3.0 | |
|
IBM Storage Scale <5.1.9.5
IBM / Storage Scale
|
<5.1.9.5 | ||
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM Business Automation Workflow
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM MQ 9.2.0
IBM / MQ
|
cpe:/a:ibm:mq:9.2.0
|
9.2.0 | |
|
IBM Rational ClearCase
IBM / Rational ClearCase
|
cpe:/a:ibm:rational_clearcase:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM WebSphere Service Registry and Repository 8.5
IBM / WebSphere Service Registry and Repository
|
cpe:/a:ibm:websphere_service_registry_and_repository:8.5
|
8.5 |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty <=24.0.0.3
IBM / WebSphere Application Server
|
Liberty <=24.0.0.3 |
Es existiert eine Schwachstelle in IBM WebSphere Application Server. Der Fehler besteht aufgrund eines XML External Entity Injection (XXE)-Angriffs bei der Verarbeitung von XML-Daten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen, Speicherressourcen zu verbrauchen oder einen serverseitigen Request Forgery-Angriff durchzuführen.
Affected products
Known affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM TXSeries for Multiplatforms 8.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.1
|
for Multiplatforms 8.1 | |
|
IBM TXSeries for Multiplatforms 8.2
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_8.2
|
for Multiplatforms 8.2 | |
|
IBM TXSeries for Multiplatforms 9.1
IBM / TXSeries
|
cpe:/a:ibm:txseries:for_multiplatforms_9.1
|
for Multiplatforms 9.1 | |
|
HCL Commerce 9.1.0-9.1.15
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.15
|
9.1.0-9.1.15 | |
|
HCL Commerce 9.0-9.0.1.21
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:9.0_-_9.0.1.21
|
9.0-9.0.1.21 | |
|
IBM Rational ClearQuest
IBM
|
cpe:/a:ibm:rational_clearquest:-
|
— | |
|
IBM InfoSphere Identity Insight 10.0.0.0
IBM / InfoSphere Identity Insight
|
cpe:/a:ibm:infosphere_identity_insight:10.0.0.0
|
10.0.0.0 | |
|
HCL Commerce 8.x
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:8.x
|
8.x | |
|
IBM WebSphere Application Server 8.5
IBM / WebSphere Application Server
|
cpe:/a:ibm:websphere_application_server:8.5
|
8.5 | |
|
IBM WebSphere Application Server 9.0
IBM / WebSphere Application Server
|
cpe:/a:ibm:websphere_application_server:9.0
|
9 | |
|
IBM Maximo Asset Management 7.6.8
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.8
|
7.6.8 | |
|
IBM Maximo Asset Management 7.6.6
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.6
|
7.6.6 | |
|
IBM Maximo Asset Management 7.6.7
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.7
|
7.6.7 | |
|
IBM Business Automation Workflow
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:traditional
|
— | |
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
IBM Maximo Asset Management 7.6.1.2
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1.2
|
7.6.1.2 | |
|
IBM Tivoli Monitoring 6.3.0.7
IBM / Tivoli Monitoring
|
cpe:/a:ibm:tivoli_monitoring:6.3.0.7
|
6.3.0.7 | |
|
IBM MQ
IBM / MQ
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Maximo Asset Management 7.6.1.3
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1.3
|
7.6.1.3 | |
|
IBM Rational ClearCase 10.0.0
IBM / Rational ClearCase
|
cpe:/a:ibm:rational_clearcase:10.0.0
|
10.0.0 | |
|
HCL AppScan Enterprise <10.7.0
HCL / AppScan Enterprise
|
<10.7.0 | ||
|
IBM InfoSphere Identity Insight 9.0.0.1
IBM / InfoSphere Identity Insight
|
cpe:/a:ibm:infosphere_identity_insight:9.0.0.1
|
9.0.0.1 | |
|
HCL BigFix Compliance <2.0.12
HCL / BigFix
|
Compliance <2.0.12 | ||
|
HCL BigFix Compliance
HCL / BigFix
|
cpe:/a:hcltech:bigfix:compliance
|
Compliance | |
|
IBM MQ 9.1.0
IBM / MQ
|
cpe:/a:ibm:mq:9.1.0
|
9.1.0 | |
|
IBM Rational ClearCase 9.1
IBM / Rational ClearCase
|
cpe:/a:ibm:rational_clearcase:9.1
|
9.1 | |
|
HCL BigFix Inventory
HCL / BigFix
|
cpe:/a:hcltech:bigfix:inventory
|
Inventory | |
|
IBM Storage Scale <5.2.1.0
IBM / Storage Scale
|
<5.2.1.0 | ||
|
IBM MQ 9.3.0
IBM / MQ
|
cpe:/a:ibm:mq:9.3.0
|
9.3.0 | |
|
IBM Storage Scale <5.1.9.5
IBM / Storage Scale
|
<5.1.9.5 | ||
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM Business Automation Workflow
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
IBM MQ 9.2.0
IBM / MQ
|
cpe:/a:ibm:mq:9.2.0
|
9.2.0 | |
|
IBM Rational ClearCase
IBM / Rational ClearCase
|
cpe:/a:ibm:rational_clearcase:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM WebSphere Service Registry and Repository 8.5
IBM / WebSphere Service Registry and Repository
|
cpe:/a:ibm:websphere_service_registry_and_repository:8.5
|
8.5 |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Application Server Liberty <=24.0.0.3
IBM / WebSphere Application Server
|
Liberty <=24.0.0.3 |
References
34 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen und vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0906 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0906.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0906 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0906"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-04-16",
"url": "https://www.ibm.com/support/pages/node/7148380"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-04-16",
"url": "https://www.ibm.com/support/pages/node/7148426"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7148501 vom 2024-04-17",
"url": "https://www.ibm.com/support/pages/node/7148501"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7148751 vom 2024-04-19",
"url": "https://www.ibm.com/support/pages/node/7148751"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7148974 vom 2024-04-22",
"url": "https://www.ibm.com/support/pages/node/7148974"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7148976 vom 2024-04-22",
"url": "https://www.ibm.com/support/pages/node/7148976"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7149055 vom 2024-04-22",
"url": "https://www.ibm.com/support/pages/node/7149055"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-04-26",
"url": "https://www.ibm.com/support/pages/node/7149579"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7150669 vom 2024-05-09",
"url": "https://www.ibm.com/support/pages/node/7150669"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7155114 vom 2024-05-29",
"url": "https://www.ibm.com/support/pages/node/7155114"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156268 vom 2024-06-03",
"url": "https://www.ibm.com/support/pages/node/7156268"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156265 vom 2024-06-03",
"url": "https://www.ibm.com/support/pages/node/7156265"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7145534 vom 2024-06-24",
"url": "https://www.ibm.com/support/pages/node/7145534"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7158639 vom 2024-06-25",
"url": "https://www.ibm.com/support/pages/node/7158639"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7157976 vom 2024-06-26",
"url": "https://www.ibm.com/support/pages/node/7157976"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7158959 vom 2024-06-27",
"url": "https://www.ibm.com/support/pages/node/7158959"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7159010 vom 2024-06-27",
"url": "https://www.ibm.com/support/pages/node/7159010"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7159670 vom 2024-07-04",
"url": "https://www.ibm.com/support/pages/node/7159670"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7159714 vom 2024-07-05",
"url": "https://www.ibm.com/support/pages/node/7159714"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-07-16",
"url": "https://support.hcltechsw.com/community?id=community_blog\u0026sys_id=dab182ff1b1b4e54534c4159cc4bcb26"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-07-16",
"url": "https://support.hcltechsw.com/community?id=community_blog\u0026sys_id=c8e676731b5b8e54534c4159cc4bcbf8"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7160615 vom 2024-07-18",
"url": "https://www.ibm.com/support/pages/node/7160615"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7160614 vom 2024-07-18",
"url": "https://www.ibm.com/support/pages/node/7160614"
},
{
"category": "external",
"summary": "HCL Article KB0114592 vom 2024-07-28",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114592"
},
{
"category": "external",
"summary": "HCL Article KB0114594 vom 2024-07-28",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114594"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7166619 vom 2024-08-26",
"url": "https://www.ibm.com/support/pages/node/7166619"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7174280 vom 2024-10-29",
"url": "https://www.ibm.com/support/pages/node/7174280"
},
{
"category": "external",
"summary": "HCL Security Advisory",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0115052"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-11-04",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117076"
},
{
"category": "external",
"summary": "HCL vom 2024-11-07",
"url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=d0ceced4937d92500dddf87d1dba10d9"
},
{
"category": "external",
"summary": "HCL vom 2024-11-07",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0117139"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7176643 vom 2024-11-20",
"url": "https://www.ibm.com/support/pages/node/7176643"
}
],
"source_lang": "en-US",
"title": "IBM WebSphere Application Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-20T23:00:00.000+00:00",
"generator": {
"date": "2024-11-21T13:15:00.916+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-0906",
"initial_release_date": "2024-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-04-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-04-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-06-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-06-26T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-06-27T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-04T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-07T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-28T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2024-08-25T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-10-29T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2024-11-04T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "23"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.7.0",
"product": {
"name": "HCL AppScan Enterprise \u003c10.7.0",
"product_id": "T038717"
}
},
{
"category": "product_version",
"name": "10.7.0",
"product": {
"name": "HCL AppScan Enterprise 10.7.0",
"product_id": "T038717-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:appscan_enterprise:10.7.0"
}
}
}
],
"category": "product_name",
"name": "AppScan Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "Inventory",
"product": {
"name": "HCL BigFix Inventory",
"product_id": "T036271",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:inventory"
}
}
},
{
"category": "product_version",
"name": "Compliance",
"product": {
"name": "HCL BigFix Compliance",
"product_id": "T038832",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:compliance"
}
}
},
{
"category": "product_version_range",
"name": "Compliance \u003c2.0.12",
"product": {
"name": "HCL BigFix Compliance \u003c2.0.12",
"product_id": "T038836"
}
},
{
"category": "product_version",
"name": "Compliance 2.0.12",
"product": {
"name": "HCL BigFix Compliance 2.0.12",
"product_id": "T038836-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:compliance__2.0.12"
}
}
}
],
"category": "product_name",
"name": "BigFix"
},
{
"branches": [
{
"category": "product_version",
"name": "8.x",
"product": {
"name": "HCL Commerce 8.x",
"product_id": "T038745",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:8.x"
}
}
},
{
"category": "product_version",
"name": "9.0-9.0.1.21",
"product": {
"name": "HCL Commerce 9.0-9.0.1.21",
"product_id": "T038746",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.0_-_9.0.1.21"
}
}
},
{
"category": "product_version",
"name": "9.1.0-9.1.15",
"product": {
"name": "HCL Commerce 9.1.0-9.1.15",
"product_id": "T038747",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.15"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T024465",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:traditional"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
},
{
"branches": [
{
"category": "product_version",
"name": "10.0.0.0",
"product": {
"name": "IBM InfoSphere Identity Insight 10.0.0.0",
"product_id": "T033658",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_identity_insight:10.0.0.0"
}
}
},
{
"category": "product_version",
"name": "9.0.0.1",
"product": {
"name": "IBM InfoSphere Identity Insight 9.0.0.1",
"product_id": "T035627",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_identity_insight:9.0.0.1"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Identity Insight"
},
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"branches": [
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "IBM License Metric Tool 9.2",
"product_id": "T031605",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
},
{
"branches": [
{
"category": "product_version",
"name": "9.1.0",
"product": {
"name": "IBM MQ 9.1.0",
"product_id": "T021105",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.1.0"
}
}
},
{
"category": "product_version",
"name": "9.2.0",
"product": {
"name": "IBM MQ 9.2.0",
"product_id": "T021106",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.2.0"
}
}
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"category": "product_version",
"name": "9.3.0",
"product": {
"name": "IBM MQ 9.3.0",
"product_id": "T026459",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.3.0"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"branches": [
{
"category": "product_version",
"name": "7.6.1.3",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.3",
"product_id": "1234217",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.3"
}
}
},
{
"category": "product_version",
"name": "7.6.1.2",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.2",
"product_id": "812526",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.2"
}
}
},
{
"category": "product_version",
"name": "7.6.8",
"product": {
"name": "IBM Maximo Asset Management 7.6.8",
"product_id": "T039351",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.8"
}
}
},
{
"category": "product_version",
"name": "7.6.7",
"product": {
"name": "IBM Maximo Asset Management 7.6.7",
"product_id": "T039352",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.7"
}
}
},
{
"category": "product_version",
"name": "7.6.6",
"product": {
"name": "IBM Maximo Asset Management 7.6.6",
"product_id": "T039353",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.6"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Rational ClearCase",
"product": {
"name": "IBM Rational ClearCase",
"product_id": "T004180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearcase:-"
}
}
},
{
"category": "product_version",
"name": "9.1",
"product": {
"name": "IBM Rational ClearCase 9.1",
"product_id": "T021423",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearcase:9.1"
}
}
},
{
"category": "product_version",
"name": "10.0.0",
"product": {
"name": "IBM Rational ClearCase 10.0.0",
"product_id": "T026520",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearcase:10.0.0"
}
}
}
],
"category": "product_name",
"name": "Rational ClearCase"
},
{
"category": "product_name",
"name": "IBM Rational ClearQuest",
"product": {
"name": "IBM Rational ClearQuest",
"product_id": "5168",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearquest:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.2.1.0",
"product": {
"name": "IBM Storage Scale \u003c5.2.1.0",
"product_id": "T037080"
}
},
{
"category": "product_version",
"name": "5.2.1.0",
"product": {
"name": "IBM Storage Scale 5.2.1.0",
"product_id": "T037080-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:5.2.1.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.1.9.5",
"product": {
"name": "IBM Storage Scale \u003c5.1.9.5",
"product_id": "T037081"
}
},
{
"category": "product_version",
"name": "5.1.9.5",
"product": {
"name": "IBM Storage Scale 5.1.9.5",
"product_id": "T037081-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:5.1.9.5"
}
}
}
],
"category": "product_name",
"name": "Storage Scale"
},
{
"branches": [
{
"category": "product_version",
"name": "for Multiplatforms 9.1",
"product": {
"name": "IBM TXSeries for Multiplatforms 9.1",
"product_id": "T015903",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_9.1"
}
}
},
{
"category": "product_version",
"name": "for Multiplatforms 8.2",
"product": {
"name": "IBM TXSeries for Multiplatforms 8.2",
"product_id": "T015904",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.2"
}
}
},
{
"category": "product_version",
"name": "for Multiplatforms 8.1",
"product": {
"name": "IBM TXSeries for Multiplatforms 8.1",
"product_id": "T015905",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.1"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
},
{
"category": "product_name",
"name": "IBM Tivoli Key Lifecycle Manager",
"product": {
"name": "IBM Tivoli Key Lifecycle Manager",
"product_id": "T026238",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "6.3.0.7",
"product": {
"name": "IBM Tivoli Monitoring 6.3.0.7",
"product_id": "342008",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7"
}
}
}
],
"category": "product_name",
"name": "Tivoli Monitoring"
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Application Server 8.5",
"product_id": "703851",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "IBM WebSphere Application Server 9.0",
"product_id": "703852",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0"
}
}
},
{
"category": "product_version_range",
"name": "Liberty \u003c=24.0.0.3",
"product": {
"name": "IBM WebSphere Application Server Liberty \u003c=24.0.0.3",
"product_id": "T034275"
}
},
{
"category": "product_version_range",
"name": "Liberty \u003c=24.0.0.3",
"product": {
"name": "IBM WebSphere Application Server Liberty \u003c=24.0.0.3",
"product_id": "T034275-fixed"
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Service Registry and Repository 8.5",
"product_id": "306235",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5"
}
}
}
],
"category": "product_name",
"name": "WebSphere Service Registry and Repository"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22329",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in IBM WebSphere Application Server. Der Fehler besteht aufgrund einer serverseitigen Request Forgery. Ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T015905",
"T015904",
"T015903",
"T038747",
"T038746",
"5168",
"T033658",
"T038745",
"703851",
"703852",
"T039351",
"T039353",
"T039352",
"T024465",
"T031605",
"812526",
"342008",
"T021398",
"1234217",
"T026520",
"T038717",
"T035627",
"T038836",
"T038832",
"T021105",
"T021423",
"T036271",
"T037080",
"T026459",
"T037081",
"444803",
"T019704",
"T021106",
"T004180",
"T026238",
"306235"
],
"last_affected": [
"T034275"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22329"
},
{
"cve": "CVE-2024-22354",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in IBM WebSphere Application Server. Der Fehler besteht aufgrund eines XML External Entity Injection (XXE)-Angriffs bei der Verarbeitung von XML-Daten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen, Speicherressourcen zu verbrauchen oder einen serverseitigen Request Forgery-Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T015905",
"T015904",
"T015903",
"T038747",
"T038746",
"5168",
"T033658",
"T038745",
"703851",
"703852",
"T039351",
"T039353",
"T039352",
"T024465",
"T031605",
"812526",
"342008",
"T021398",
"1234217",
"T026520",
"T038717",
"T035627",
"T038836",
"T038832",
"T021105",
"T021423",
"T036271",
"T037080",
"T026459",
"T037081",
"444803",
"T019704",
"T021106",
"T004180",
"T026238",
"306235"
],
"last_affected": [
"T034275"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-22354"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…