cvelist/2024/35xxx/CVE-2024-35154.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-35154",
        "ASSIGNER": "psirt@us.ibm.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code.  Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  292641."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-250 Execution with Unnecessary Privileges",
                        "cweId": "CWE-250"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "IBM",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "WebSphere Application Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "8.5, 9.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.ibm.com/support/pages/node/7159825",
                "refsource": "MISC",
                "name": "https://www.ibm.com/support/pages/node/7159825"
            },
            {
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292641",
                "refsource": "MISC",
                "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292641"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "credits": [
        {
            "lang": "en",
            "value": "Kin Hung Cheng"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2024-05-09 17:00:35 +00:00			`{`
"-Synchronized-Data." 2024-07-09 22:00:35 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-05-09 17:00:35 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-35154",`
"-Synchronized-Data." 2024-07-09 22:00:35 +00:00			`"ASSIGNER": "psirt@us.ibm.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-05-09 17:00:35 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-07-09 22:00:35 +00:00			`"value": "IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-250 Execution with Unnecessary Privileges",`
			`"cweId": "CWE-250"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "IBM",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "WebSphere Application Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "8.5, 9.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.ibm.com/support/pages/node/7159825",`
			`"refsource": "MISC",`
			`"name": "https://www.ibm.com/support/pages/node/7159825"`
			`},`
			`{`
			`"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292641",`
			`"refsource": "MISC",`
			`"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292641"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.2.0"`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`},`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Kin Hung Cheng"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.2,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "HIGH",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
"-Synchronized-Data." 2024-05-09 17:00:35 +00:00			`}`
			`]`
			`}`
			`}`