Rapid7 Vulnerability & Exploit Database

IBM WebSphere Application Server: CVE-2024-22354: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)


Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/17/2024
Created: 04/22/2024
Added: 04/22/2024
Modified: 05/08/2024

Description

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.
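The mitigation for this class of defect, independent of the WebSphere fix packs, is to parse untrusted XML with DTD processing and external entity resolution switched off. The following is an added example written for this entry, not code from IBM, WebSphere or Rapid7, and it does not reproduce the affected WebSphere component. It uses the standard JAXP `DocumentBuilderFactory` features documented by the OWASP XXE prevention guidance; the class name `HardenedXmlParser`, the method names and the sample documents (including the `file:///PLACEHOLDER` entity URI) are constructed for illustration. With `disallow-doctype-decl` enabled, any document carrying a DOCTYPE is rejected before an entity can be resolved, which also removes the entity-expansion memory-exhaustion path the description mentions.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

// Added example (hypothetical class): a JAXP parser configured so that
// external entities and DTDs cannot be used for XXE, SSRF or entity-expansion DoS.
public class HardenedXmlParser {

    // Build a factory with every entity/DTD feature disabled.
    // Feature URIs are the standard Xerces/JAXP ones; a parser that does not
    // recognise one will throw ParserConfigurationException rather than silently ignore it.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Reject any document that declares a DOCTYPE at all (strongest single control).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces in case the DOCTYPE feature is unavailable on some parser.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties: empty string means no external protocol is allowed.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f;
    }

    // Parse an untrusted string. Returns the Document, or null if the parser rejected
    // it (for example because it contained a DOCTYPE/entity declaration).
    static Document parseUntrusted(String xml) throws ParserConfigurationException {
        DocumentBuilder builder = hardenedFactory().newDocumentBuilder();
        // Do not let the parser fall back to fetching anything for unresolved references.
        builder.setEntityResolver((publicId, systemId) -> new InputSource(new StringReader("")));
        try {
            return builder.parse(new InputSource(new StringReader(xml)));
        } catch (SAXException | IOException e) {
            // A SAXParseException here on a DOCTYPE is the expected, safe outcome.
            return null;
        }
    }

    public static void main(String[] args) throws ParserConfigurationException {
        // Constructed sample inputs for the demonstration.
        String benign = "<order><id>42</id></order>";
        String withDoctype =
            "<!DOCTYPE order [<!ENTITY ext SYSTEM \"file:///PLACEHOLDER\">]>"
            + "<order><id>&ext;</id></order>";

        Document ok = parseUntrusted(benign);
        System.out.println("benign parsed: " + (ok != null)
            + ", root=" + (ok != null ? ok.getDocumentElement().getTagName() : "n/a"));

        Document rejected = parseUntrusted(withDoctype);
        System.out.println("DOCTYPE document rejected: " + (rejected == null));
    }
}
```

Applying the same feature set to `SAXParserFactory`, `XMLInputFactory` and any `TransformerFactory` that touches untrusted input is the usual checklist; the fix packs listed below address the affected WebSphere components themselves, and this configuration protects application code that parses XML on its own.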

Solution(s)

  • ibm-was-install-8-5-0-0-ph59682
  • ibm-was-install-8-5-ph59682-liberty
  • ibm-was-install-9-0-0-0-ph59682
  • ibm-was-upgrade-8-5-0-0-8-5-5-26
  • ibm-was-upgrade-8-5-24-0-0-6-liberty
  • ibm-was-upgrade-9-0-0-0-9-0-5-20
