{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-35154","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2024-05-09T16:27:47.446Z","datePublished":"2024-07-09T21:57:32.820Z","dateUpdated":"2024-08-02T03:07:46.791Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"WebSphere Application Server","vendor":"IBM","versions":[{"status":"affected","version":"8.5, 9.0"}]}],"credits":[{"lang":"en","type":"finder","value":"Kin Hung Cheng"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code.  Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  292641."}],"value":"IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code.  Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  292641."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-250","description":"CWE-250 Execution with Unnecessary Privileges","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2024-07-09T21:57:32.820Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.ibm.com/support/pages/node/7159825"},{"tags":["vdb-entry"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/292641"}],"source":{"discovery":"UNKNOWN"},"title":"IBM WebSphere Application Server code execution","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-10T13:14:17.639454Z","id":"CVE-2024-35154","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-10T13:14:29.553Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:07:46.791Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.ibm.com/support/pages/node/7159825"},{"tags":["vdb-entry","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/292641"}]}]}}