CVERadar

CVE-2024-35154

Medium Severity

Ibm

SVRS

30/100

CVSSv3

7.2/10

EPSS

0.00383/1

CVE-2024-35154 allows remote authenticated attackers to execute arbitrary code on IBM WebSphere Application Server 8.5 and 9.0. An attacker with administrative console access can leverage specially crafted input to exploit this vulnerability and gain control of the system. While the CVSS score is 7.2, indicating a high severity, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a relatively lower real-world threat level currently. However, the potential for arbitrary code execution means organizations must address this issue promptly to mitigate the risk of compromise. This vulnerability is significant because successful exploitation grants attackers the ability to take full control of affected servers. Update your WebSphere installations promptly to prevent potential exploits. Ignoring this can lead to serious data breaches and system downtime.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

Tageszusammenfassung - 09.08.2024

CERT.at2024-08-09

Tageszusammenfassung - 09.08.2024 | End-of-Day report Timeframe: Donnerstag 08-08-2024 18:00 - Freitag 09-08-2024 18:00 Handler: Robert Waldner Co-Handler: n/a News Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browsers executables to hijack homepages and steal browsing history.

cve-2024-38077

cve-2024-26308

cve-2024-37532

cve-2023-38018

CVE-2024-35154 | IBM WebSphere Application Server 8.5/9.0 unnecessary privileges (XFDB-292641)

vuldb.com2024-07-10

CVE-2024-35154 | IBM WebSphere Application Server 8.5/9.0 unnecessary privileges (XFDB-292641) | A vulnerability was found in IBM WebSphere Application Server 8.5/9.0. It has been classified as critical. This affects an unknown part. The manipulation leads to execution with unnecessary privileges. This vulnerability is uniquely identified as CVE-2024-35154. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade

cve-2024-35154

domains

urls

cves

Social Media

ZoomEye

@zoomeye_team

2024-07-10

🚨🚨IBM WebSphere Application Server is vulnerable to remote code execution （RCE）(CVE-2024-35154) ZoomEye Dork👉app:"IBM WebSphere Application Server" IBM WebSphere Application Server could allow a remote authenticated attacker, who has authorized access to the administrative https://t.co/OMHAwjYU32

Affected Software

Configuration 1

Type	Vendor	Product
App	Ibm	websphere_application_server

References

Reference	Link
[email protected]	https://exchange.xforce.ibmcloud.com/vulnerabilities/292641
[email protected]	https://www.ibm.com/support/pages/node/7159825

CWE Details

CWE ID	CWE Name	Description
CWE-250	Execution with Unnecessary Privileges	The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence