CVE-2024-45071

📊 5.5 MEDIUM⚡ 0.1%🎯 0 exploits

📅 Published Oct 16, 2024

📋 Status: Analyzed

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

9 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	ibm	websphere application server	≥ 8.5.0.0 ∧ ≤ 8.5.5.26	Vulnerable	cpe:2.3:a:ibm:websphere_application_server::::::::
📱App	ibm	websphere application server	≥ 9.0.0.0 ∧ ≤ 9.0.5.21	Vulnerable	cpe:2.3:a:ibm:websphere_application_server::::::::
💻OS	hp	hp-ux	All versions	Not Vulnerable	cpe:2.3:o:hp:hp-ux:-:::::::*
💻OS	ibm	aix	All versions	Not Vulnerable	cpe:2.3:o:ibm:aix:-:::::::*
💻OS	ibm	i	All versions	Not Vulnerable	cpe:2.3:o:ibm:i:-:::::::*
💻OS	ibm	z\/os	All versions	Not Vulnerable	cpe:2.3:o:ibm:z\/os:-:::::::*
💻OS	linux	linux kernel	All versions	Not Vulnerable	cpe:2.3:o:linux:linux_kernel:-:::::::*
💻OS	microsoft	windows	All versions	Not Vulnerable	cpe:2.3:o:microsoft:windows:-:::::::*
💻OS	oracle	solaris	All versions	Not Vulnerable	cpe:2.3:o:oracle:solaris:-:::::::*

📱

ibm / websphere application server

Application

Vulnerable

Version: ≥ 8.5.0.0 ∧ ≤ 8.5.5.26

CPE:

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

📱

ibm / websphere application server

Application

Vulnerable

Version: ≥ 9.0.0.0 ∧ ≤ 9.0.5.21

CPE:

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

💻

hp / hp-ux

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*

💻

ibm / aix

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*

💻

ibm / i

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*

💻

ibm / z\/os

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*

💻

linux / linux kernel

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

💻

microsoft / windows

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

💻

oracle / solaris

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*

9 products•scroll for more

Metrics

5.5 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

HIGH

User Interaction:

NONE

Confidentiality:

LOW

Integrity:

LOW

Availability:

NONE

Scope:

CHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

5.5 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.1% (Minimal)35.7th percentile

Last updated: Nov 1, 2025

Exploitation probability within 30 days

Published Date

Oct 16, 2024 (1 year ago)

Last Modified

Oct 21, 2024 (1 year ago)

Security Weaknesses1

CWE-79

References2

NVDgeneral