vulnerability

IBM WebSphere Application Server: CVE-2024-45073: IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45073)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:M/C:P/I:P/A:N)

Published

Sep 30, 2024

Added

Nov 11, 2024

Modified

Jun 23, 2026

Description

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

Solution

ibm-was-upgrade-latest

References

CVE-2024-45073
https://attackerkb.com/topics/CVE-2024-45073
IBM-ibm107171755
https://www.ibm.com/support/pages/node/7171755
https://www.cve.org/CVERecord?id=CVE-2024-45073
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-41295
CWE-79
EUVD-EUVD-2024-41295

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report