IBM WebSphere Application Server Vulnerability: CVE-2024-45087

The Vulnerability

IBM has identified a cross-site scripting (XSS) vulnerability in its WebSphere Application Server versions 8.5 and 9.0, designated as CVE-2024-45087. This flaw permits privileged users to inject arbitrary JavaScript into the Web UI, potentially leading to unintended functionality and the disclosure of credentials within a trusted session.

CVE Details

Affected Versions:

  • IBM WebSphere Application Server versions 8.5 and 9.0.

Recommended Actions:

  • Apply Interim Fixes: IBM advises applying interim fixes that address APAR PH62952.

  • Upgrade to Latest Fix Packs:

    • For versions 9.0.0.0 through 9.0.5.21: Upgrade to Fix Pack 9.0.5.22 or later.

    • For versions 8.5.0.0 through 8.5.5.26: Upgrade to Fix Pack 8.5.5.27 or later.
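The version ranges and APAR above can be turned into an inventory check; the following is an added example, not code from IBM or from this page's author. The host names, the inventory rows and the interim fix name are constructed, and it assumes the inventory records interim fix names that contain the APAR id.

```python
import re

# Affected ranges and first fixed fix pack, taken from the advisory text above.
AFFECTED = {
    (9, 0): ((9, 0, 0, 0), (9, 0, 5, 21), "9.0.5.22"),
    (8, 5): ((8, 5, 0, 0), (8, 5, 5, 26), "8.5.5.27"),
}
APAR = "PH62952"  # interim fix APAR named in the advisory

def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def assess(version, ifixes=()):
    """Classify one install: returns (status, detail)."""
    v = parse_version(version)
    if v is None:
        return ("unknown", "unparseable version string; verify manually")
    entry = AFFECTED.get(v[:2])
    if entry is None:
        return ("not-listed", "release line not covered by this advisory")
    low, high, fixed = entry
    # Compare as integer tuples: as strings, "8.5.5.9" would sort above "8.5.5.26".
    if not (low <= v <= high):
        return ("fixed", "at or above fix pack " + fixed)
    # Assumption: interim fix names in the inventory contain the APAR id.
    if any(APAR in name.upper() for name in ifixes):
        return ("mitigated", "interim fix for " + APAR + " installed")
    return ("affected", "apply " + APAR + " interim fix or upgrade to " + fixed)

# Constructed inventory rows: (host, reported version, installed interim fixes).
INVENTORY = [
    ("was-prod-01", "9.0.5.21", []),
    ("was-prod-02", "9.0.5.22", []),
    ("was-uat-01", "8.5.5.24", ["8.5.5.24-WS-WAS-IFPH62952"]),
    ("was-dev-01", "8.5.5.9", []),
    ("was-old-01", "8.0.0.15", []),
    ("was-dev-02", "9.0.5", []),
]

def report(rows=INVENTORY):
    """Map each host to its status for CVE-2024-45087."""
    return {host: assess(ver, fixes)[0] for host, ver, fixes in rows}

if __name__ == "__main__":
    for host, ver, fixes in INVENTORY:
        print(host, ver, *assess(ver, fixes))
```

Hosts reported as "unknown" or "not-listed" need a manual check against IBM's bulletin rather than being treated as safe.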

Implications for IT Service Management: Organisations utilising IBM WebSphere Application Server should promptly address this vulnerability to maintain the integrity of their IT service management frameworks. Neglecting to do so could result in unauthorised access and potential data breaches.

Stay Informed: For comprehensive details and updates, refer to IBM's official security bulletin.

Need help maintaining your software inventory to mitigate vulnerabilities like CVE-2024-45087?

Contact us for a consultation and ensure your systems remain secure and compliant with the latest security standards.
