Sign In

CVE-2024-45073

📊 4.8 MEDIUM0.1%🎯 0 exploits
📅 Published Sep 30, 2024
📋 Status: Analyzed

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

🎯 Affected Products & Systems

8 product configurations affected

Filter by type:
📱
Vulnerable
Version: 8.5
CPE:
cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
📱
Vulnerable
Version: 9.0
CPE:
cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
💻
hp / hp-ux
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
💻
ibm / aix
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
💻
ibm / z\/os
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
💻
linux / linux kernel
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
💻
microsoft / windows
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
💻
oracle / solaris
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
8 productsscroll for more
Metrics
4.8 MEDIUMCVSS v3.1[email protected]
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
HIGH
User Interaction:
REQUIRED
Confidentiality:
LOW
Integrity:
LOW
Availability:
NONE
Scope:
CHANGED

🔍 Technical Details

Analysis Status
Analyzed
CVSS Details
4.8 (MEDIUM)v3.1
Source: [email protected]
EPSS Details
0.1% (Minimal)27.5th percentile
Last updated: Nov 1, 2025
Exploitation probability within 30 days
Published Date
Sep 30, 2024 (1 year ago)
Last Modified
Jan 7, 2025 (9 months ago)
Security Weaknesses2
References2