Vulnerability-Lookup

WID-SEC-W-2025-1591

Vulnerability from csaf_certbund - Published: 2025-07-17 22:00 - Updated: 2025-12-21 23:00

Summary

IBM WebSphere Application Server: Schwachstelle ermöglicht Offenlegung von Informationen

Severity

Niedrig

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM WebSphere Application Server ist ein J2EE-Applikationsserver.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2024-56339

Affected products

Known affected 19 products

Product	Identifier	Version
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
IBM Security Verify Access <v11.0.2 IBM / Security Verify Access		<v11.0.2
IBM SPSS Analytic Server IBM / SPSS	`cpe:/a:ibm:spss:analytic_server`	Analytic Server
IBM WebSphere Application Server <9.0.5.26 IBM / WebSphere Application Server		<9.0.5.26
IBM Rational ClearQuest IBM	`cpe:/a:ibm:rational_clearquest:-`	—
IBM MQ IBM	`cpe:/a:ibm:mq:operator`	—
IBM SPSS Collaboration and Deployment Services IBM / SPSS	`cpe:/a:ibm:spss:collaboration_and_deployment_services`	Collaboration and Deployment Services
HCL Commerce <9.0.1.16 HCL / Commerce		<9.0.1.16
IBM WebSphere Application Server Liberty <25.0.0.8 IBM / WebSphere Application Server		Liberty <25.0.0.8
IBM Rational ClearCase 9.1 IBM / Rational ClearCase	`cpe:/a:ibm:rational_clearcase:9.1`	9.1
HCL Commerce <9.1.18.2 HCL / Commerce		<9.1.18.2
HCL AppScan Enterprise 10.10.0 HCL / AppScan Enterprise	`cpe:/a:hcltech:appscan_enterprise:10.10.0`	10.10.0
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:containers`	—
IBM Spectrum Protect Operations Center <8.1.27.100 IBM / Spectrum Protect		Operations Center <8.1.27.100
IBM Tivoli Key Lifecycle Manager IBM	`cpe:/a:ibm:tivoli_key_lifecycle_manager:-`	—
IBM Security Verify Access <v10.0.9.1 IBM / Security Verify Access		<v10.0.9.1
IBM DevOps Code ClearCase 11.0 IBM / DevOps Code ClearCase	`cpe:/a:ibm:devops_code_clearcase:11.0`	11
IBM Rational ClearCase 10.0.0 IBM / Rational ClearCase	`cpe:/a:ibm:rational_clearcase:10.0.0`	10.0.0

References

16 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7239955	external
https://www.ibm.com/support/pages/node/7241467	external
https://support.hcl-software.com/csm?id=kb_articl…	external
https://www.ibm.com/support/pages/node/7241675	external
https://www.ibm.com/support/pages/node/7242376	external
https://www.ibm.com/support/pages/node/7244382	external
https://www.ibm.com/support/pages/node/7244759	external
https://www.ibm.com/support/pages/node/7245567	external
https://www.ibm.com/support/pages/node/7249764	external
https://www.ibm.com/support/pages/node/7250258	external
https://www.ibm.com/support/pages/node/7249981	external
https://www.ibm.com/support/pages/node/7251247	external
https://www.ibm.com/support/pages/node/7255033	external
https://support.hcl-software.com/community?id=com…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "niedrig"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1591 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1591.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1591 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1591"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-17",
        "url": "https://www.ibm.com/support/pages/node/7239955"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241467 vom 2025-08-05",
        "url": "https://www.ibm.com/support/pages/node/7241467"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2025-08-05",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122946"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241675 vom 2025-08-07",
        "url": "https://www.ibm.com/support/pages/node/7241675"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7242376 vom 2025-08-18",
        "url": "https://www.ibm.com/support/pages/node/7242376"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7244382 vom 2025-09-09",
        "url": "https://www.ibm.com/support/pages/node/7244382"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7244759 vom 2025-09-12",
        "url": "https://www.ibm.com/support/pages/node/7244759"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7245567 vom 2025-09-19",
        "url": "https://www.ibm.com/support/pages/node/7245567"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7249764 vom 2025-10-31",
        "url": "https://www.ibm.com/support/pages/node/7249764"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7250258 vom 2025-11-06",
        "url": "https://www.ibm.com/support/pages/node/7250258"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7249981 vom 2025-11-12",
        "url": "https://www.ibm.com/support/pages/node/7249981"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7251247 vom 2025-11-14",
        "url": "https://www.ibm.com/support/pages/node/7251247"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7255033 vom 2025-12-17",
        "url": "https://www.ibm.com/support/pages/node/7255033"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2025-12-21",
        "url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=7a37cac033ceb690159a05273e5c7b2d"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM WebSphere Application Server: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2025-12-21T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-22T09:11:21.074+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-1591",
      "initial_release_date": "2025-07-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-08-05T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2025-08-06T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-08-07T22:00:00.000+00:00",
          "number": "5",
          "summary": "Referenz(en) aufgenommen: EUVD-2024-54856"
        },
        {
          "date": "2025-08-17T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-09-09T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-09-11T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-09-21T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-11-02T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-11-05T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-11-11T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-11-16T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-12-16T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-12-21T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von HCL aufgenommen"
        }
      ],
      "status": "final",
      "version": "15"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10.10.0",
                "product": {
                  "name": "HCL AppScan Enterprise 10.10.0",
                  "product_id": "T049615",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:appscan_enterprise:10.10.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AppScan Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.0.1.16",
                "product": {
                  "name": "HCL Commerce \u003c9.0.1.16",
                  "product_id": "T019286"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.1.16",
                "product": {
                  "name": "HCL Commerce 9.0.1.16",
                  "product_id": "T019286-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.0.1.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.18.2",
                "product": {
                  "name": "HCL Commerce \u003c9.1.18.2",
                  "product_id": "T045896"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.18.2",
                "product": {
                  "name": "HCL Commerce 9.1.18.2",
                  "product_id": "T045896-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.1.18.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Commerce"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T024464",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:containers"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11",
                "product": {
                  "name": "IBM DevOps Code ClearCase 11.0",
                  "product_id": "T046313",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:devops_code_clearcase:11.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DevOps Code ClearCase"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.7",
                "product": {
                  "name": "IBM InfoSphere Information Server 11.7",
                  "product_id": "444803",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "InfoSphere Information Server"
          },
          {
            "category": "product_name",
            "name": "IBM MQ",
            "product": {
              "name": "IBM MQ",
              "product_id": "T036688",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:mq:operator"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.1",
                "product": {
                  "name": "IBM Rational ClearCase 9.1",
                  "product_id": "T021423",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:9.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.0.0",
                "product": {
                  "name": "IBM Rational ClearCase 10.0.0",
                  "product_id": "T026520",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:10.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational ClearCase"
          },
          {
            "category": "product_name",
            "name": "IBM Rational ClearQuest",
            "product": {
              "name": "IBM Rational ClearQuest",
              "product_id": "T038778",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_clearquest:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Analytic Server",
                "product": {
                  "name": "IBM SPSS Analytic Server",
                  "product_id": "T011787",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spss:analytic_server"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Collaboration and Deployment Services",
                "product": {
                  "name": "IBM SPSS Collaboration and Deployment Services",
                  "product_id": "T037766",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spss:collaboration_and_deployment_services"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SPSS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv10.0.9.1",
                "product": {
                  "name": "IBM Security Verify Access \u003cv10.0.9.1",
                  "product_id": "T049459"
                }
              },
              {
                "category": "product_version",
                "name": "v10.0.9.1",
                "product": {
                  "name": "IBM Security Verify Access v10.0.9.1",
                  "product_id": "T049459-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_verify_access:v10.0.9.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cv11.0.2",
                "product": {
                  "name": "IBM Security Verify Access \u003cv11.0.2",
                  "product_id": "T049461"
                }
              },
              {
                "category": "product_version",
                "name": "v11.0.2",
                "product": {
                  "name": "IBM Security Verify Access v11.0.2",
                  "product_id": "T049461-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_verify_access:v11.0.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Verify Access"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Operations Center \u003c8.1.27.100",
                "product": {
                  "name": "IBM Spectrum Protect Operations Center \u003c8.1.27.100",
                  "product_id": "T048541"
                }
              },
              {
                "category": "product_version",
                "name": "Operations Center 8.1.27.100",
                "product": {
                  "name": "IBM Spectrum Protect Operations Center 8.1.27.100",
                  "product_id": "T048541-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_protect:operations_center__8.1.27.100"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spectrum Protect"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for multiplatforms",
                "product": {
                  "name": "IBM TXSeries for multiplatforms",
                  "product_id": "T036617",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TXSeries"
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Key Lifecycle Manager",
            "product": {
              "name": "IBM Tivoli Key Lifecycle Manager",
              "product_id": "T026238",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Liberty \u003c25.0.0.8",
                "product": {
                  "name": "IBM WebSphere Application Server Liberty \u003c25.0.0.8",
                  "product_id": "T045479"
                }
              },
              {
                "category": "product_version",
                "name": "Liberty 25.0.0.8",
                "product": {
                  "name": "IBM WebSphere Application Server Liberty 25.0.0.8",
                  "product_id": "T045479-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:liberty__25.0.0.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.5.26",
                "product": {
                  "name": "IBM WebSphere Application Server \u003c9.0.5.26",
                  "product_id": "T045508"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.5.26",
                "product": {
                  "name": "IBM WebSphere Application Server 9.0.5.26",
                  "product_id": "T045508-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.26"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Application Server"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-56339",
      "product_status": {
        "known_affected": [
          "T036617",
          "T049461",
          "T011787",
          "T045508",
          "T038778",
          "T036688",
          "T037766",
          "T019286",
          "T045479",
          "T021423",
          "T045896",
          "T049615",
          "444803",
          "T024464",
          "T048541",
          "T026238",
          "T049459",
          "T046313",
          "T026520"
        ]
      },
      "release_date": "2025-07-17T22:00:00.000+00:00",
      "title": "CVE-2024-56339"
    }
  ]
}

CVE-2024-56339 (GCVE-0-2024-56339)

Vulnerability from cvelistv5 – Published: 2025-08-07 16:03 – Updated: 2025-08-07 16:29

Title

IBM WebSphere Application Server information disclosure

Summary

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-650

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7239955	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
IBM	WebSphere Application Server	Affected: 9.0 (semver) cpe:2.3:a:ibm:websphere_application_server:9.0:::::::*
IBM	WebSphere Application Server Liberty	Affected: 17.0.0.3 , ≤ 25.0.0.7 (semver) cpe:2.3:a:ibm:websphere_application_server:17.0.0.3::::liberty::: cpe:2.3:a:ibm:websphere_application_server:25.0.0.7::::liberty:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56339",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-07T16:29:27.157409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-07T16:29:34.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "WebSphere Application Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:25.0.0.7:*:*:*:liberty:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "WebSphere Application Server Liberty",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "25.0.0.7",
              "status": "affected",
              "version": "17.0.0.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7\u0026nbsp;could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration."
            }
          ],
          "value": "IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7\u00a0could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-650",
              "description": "CWE-650",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-07T16:11:38.908Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7239955"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "For IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.7 using the servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature:\u003cbr\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH64682 \u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 25.0.0.8 or later (targeted availability 3Q2025).\u003cbr\u003e\u003cbr\u003eFor IBM WebSphere Application Server traditional:\u003cbr\u003e\u003cbr\u003eFor V9.0.0.0 through 9.0.5.24:\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH64683 \u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.26 or later (targeted availability 4Q2025).  \u003cbr\u003e\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003cbr\u003e"
            }
          ],
          "value": "For IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.7 using the servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature:\n\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH64682 \n--OR--\n\u00b7 Apply Fix Pack 25.0.0.8 or later (targeted availability 3Q2025).\n\nFor IBM WebSphere Application Server traditional:\n\nFor V9.0.0.0 through 9.0.5.24:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH64683 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.26 or later (targeted availability 4Q2025).  \n\n \n\nAdditional interim fixes may be available and linked off the interim fix download page."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM WebSphere Application Server information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-56339",
    "datePublished": "2025-08-07T16:03:05.256Z",
    "dateReserved": "2024-12-20T13:55:07.212Z",
    "dateUpdated": "2025-08-07T16:29:34.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1591

CVE-2024-56339 (GCVE-0-2024-56339)

Tags

Sightings

Nomenclature