CVE-2024-45086

Summary

CVE-2024-45086 is a newly disclosed vulnerability affecting IBM WebSphere Application Server versions 8.5 and 9.0. This issue allows for XML External Entity Injection (XXE) attacks, enabling an attacker to inject malicious XML code and potentially expose sensitive information or consume significant memory resources. A privileged user can trigger this vulnerability by manipulating the processing of XML data. Organizations using these affected versions are advised to apply the relevant patches or mitigations to protect against this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.