CVE-2024-35154

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.

Published: Jul 10, 2024
Updated: May 4, 2025
CVE: CVE-2024-35154
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-250

Affected Software
References

Software	From	Fixed in
ibm / websphere_application_server	8.5.0.0	8.5.5.25.x
ibm / websphere_application_server	9.0.0.0	9.0.5.20.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/292641
https://www.ibm.com/support/pages/node/7159825

Vulnerability Database

289,599

CVE-2024-35154