First published: Mon Jul 08 2024
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
IBM Security Verify Governance, Identity Manager | <=ISVG 10.0.2 | |
IBM WebSphere Application Server with Web Server Plug-ins | >=8.5.0.0 <=8.5.5.25 | |
IBM WebSphere Application Server with Web Server Plug-ins | >=9.0.0.0 <=9.0.5.20 | |
CVE-2024-35154 is rated as critical due to its potential to allow remote authenticated attackers to execute arbitrary code within IBM WebSphere Application Server.
To mitigate CVE-2024-35154, users should upgrade to IBM WebSphere Application Server version 8.5.5.26 or 9.0.5.21 or later.
CVE-2024-35154 affects IBM WebSphere Application Server versions 8.5.0.0 to 8.5.5.25 and 9.0.0.0 to 9.0.5.20.
Yes, CVE-2024-35154 can be exploited by remote authenticated attackers with access to the administrative console.
Exploitation of CVE-2024-35154 may lead to unauthorized execution of arbitrary code, compromising the integrity and security of the affected system.