#VU95625 Input validation error in IBM WebSphere Application Server


Published: 2024-08-09

Vulnerability identifier: #VU95625

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35154

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM WebSphere Application Server
Server applications / Application servers

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to insufficient validation of user-supplied input within the administrative console. A remote privileged user can send specially crafted input to the application and execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM WebSphere Application Server: 9.0 - 9.0.5.20, 8.5 - 8.5.5.25

External links
http://www.ibm.com/support/pages/node/7159825

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Tivoli Monitoring
Input validation error in IBM Jazz for Service Management
Input validation error in IBM Maximo Asset Management
Input validation error in IBM Tivoli Composite Application Manager for Application Diagnostics
Input validation error in IBM Tivoli System Automation Application Manager
Input validation error in IBM Security Guardium Key Lifecycle Manager
Input validation error in IBM Business Automation Workflow
Input validation error in WebSphere Service Registry and Repository
Input validation error in IBM InfoSphere Master Data Management
Input validation error in IBM Engineering Test Management