IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| Link | Resource |
|---|---|
| https://www.ibm.com/support/pages/node/7171755 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
07 Jan 2025, 14:36
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.ibm.com/support/pages/node/7171755 - Vendor Advisory | |
| CPE | cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* |
|
| First Time |
Oracle
Oracle solaris Hp hp-ux Linux linux Kernel Microsoft Ibm aix Hp Ibm Linux Microsoft windows Ibm websphere Application Server Ibm z\/os |
04 Oct 2024, 13:51
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
30 Sep 2024, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-09-30 22:15
Updated : 2025-01-07 14:36
NVD link : CVE-2024-45073
Mitre link : CVE-2024-45073
CVE.ORG link : CVE-2024-45073
JSON object : View
Products Affected
ibm
- websphere_application_server
- z\/os
- aix
oracle
- solaris
microsoft
- windows
linux
- linux_kernel
hp
- hp-ux
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')