Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-56339

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-07 Aug, 2025 | 16:03
Updated At-07 Aug, 2025 | 16:29
Rejected At-
Credits

IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:07 Aug, 2025 | 16:03
Updated At:07 Aug, 2025 | 16:29
Rejected At:
▼CVE Numbering Authority (CNA)
IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.

Affected Products
Vendor
IBM CorporationIBM
Product
WebSphere Application Server
CPEs
  • cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 9.0 (semver)
Vendor
IBM CorporationIBM
Product
WebSphere Application Server Liberty
CPEs
  • cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:25.0.0.7:*:*:*:liberty:*:*:*
Default Status
unaffected
Versions
Affected
  • From 17.0.0.3 through 25.0.0.7 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-650CWE-650
Type: CWE
CWE ID: CWE-650
Description: CWE-650
Metrics
VersionBase scoreBase severityVector
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

For IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.7 using the servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH64682 --OR-- · Apply Fix Pack 25.0.0.8 or later (targeted availability 3Q2025). For IBM WebSphere Application Server traditional: For V9.0.0.0 through 9.0.5.24: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH64683 --OR-- · Apply Fix Pack 9.0.5.26 or later (targeted availability 4Q2025). Additional interim fixes may be available and linked off the interim fix download page.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7239955
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7239955
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:07 Aug, 2025 | 16:15
Updated At:14 Aug, 2025 | 20:02

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
IBM Corporation
ibm
>>websphere_application_server>>Versions from 17.0.0.3(inclusive) to 25.0.0.7(inclusive)
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*
IBM Corporation
ibm
>>websphere_application_server>>9.0.0.0
cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:-:*:*:*
Weaknesses
CWE IDTypeSource
CWE-650Secondarypsirt@us.ibm.com
CWE ID: CWE-650
Type: Secondary
Source: psirt@us.ibm.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.ibm.com/support/pages/node/7239955psirt@us.ibm.com
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/7239955
Source: psirt@us.ibm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

56Records found
CVE-2024-43173
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.07% / 22.11%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 14:48
Updated-25 Oct, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert information disclosure

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert
CWE ID-CWE-1275
Sensitive Cookie with Improper SameSite Attribute
CVE-2024-41760
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.03% / 7.26%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 00:49
Updated-11 Mar, 2025 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Common Cryptographic Architecture information disclosure

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.

Action-Not Available
Vendor-IBM Corporation
Product-4769 Developers ToolkitCommon Cryptographic Architecture
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-50327
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.39%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 01:00
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM PowerSC weak security

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.

Action-Not Available
Vendor-IBM Corporation
Product-powerscPowerSCpowersc
CWE ID-CWE-650
Trusting HTTP Permission Methods on the Server Side
CWE ID-CWE-436
Interpretation Conflict
CVE-2024-45097
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.78%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 15:35
Updated-06 Sep, 2024 | 12:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex bypass security

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_faspexAspera Faspex
CWE ID-CWE-650
Trusting HTTP Permission Methods on the Server Side
CWE ID-CWE-436
Interpretation Conflict
CVE-2024-45098
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 27.99%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 15:31
Updated-06 Sep, 2024 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex bypass security

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_faspexAspera Faspex
CWE ID-CWE-650
Trusting HTTP Permission Methods on the Server Side
CVE-2024-28787
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.7||HIGH
EPSS-0.11% / 29.43%
||
7 Day CHG+0.03%
Published-04 Apr, 2024 | 17:31
Updated-14 Aug, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access information disclosure

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.

Action-Not Available
Vendor-IBM Corporation
Product-application_gatewaysecurity_verify_accessApplication GatewaySecurity Verify Access ApplianceSecurity Verify Access Container
CWE ID-CWE-650
Trusting HTTP Permission Methods on the Server Side
  • Previous
  • 1
  • 2
  • Next
Details not found