CVE-2024-22354

7.0 HIGH

📋 TL;DR

This XML External Entity Injection (XXE) vulnerability in IBM WebSphere Application Server allows a remote attacker to supply specially crafted XML data that the server then processes, potentially exposing sensitive information, consuming memory resources, or enabling server-side request forgery (SSRF). It affects IBM WebSphere Application Server 8.5, 9.0, and Liberty 17.0.0.3 through 24.0.0.5.

💻 Affected Systems

Products:
  • IBM WebSphere Application Server
  • IBM WebSphere Application Server Liberty
Versions: WebSphere 8.5, 9.0; Liberty 17.0.0.3 through 24.0.0.5
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable when processing XML data through affected components.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through SSRF to internal services, sensitive data exfiltration, and denial of service via memory exhaustion.

🟠 Likely Case: Information disclosure of server files and configuration, potential internal network reconnaissance via SSRF.

🟢 If Mitigated: Limited impact with proper XML parser hardening and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires ability to submit XML to vulnerable endpoints; XXE exploitation is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply latest security updates per IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7148426

Restart Required: Yes

Instructions:

  1. Review the IBM advisory.
  2. Apply the appropriate fix packs or interim fixes.
  3. Restart affected servers.
  4. Verify that the fix was applied.

🔧 Temporary Workarounds

Disable XXE in XML parsers
  • Applies to: all
  • Configure XML parsers to disable external entity processing
  • Set XML parser properties: FEATURE_SECURE_PROCESSING=true, disable external entities

Input validation and filtering
  • Applies to: all
  • Implement strict input validation for XML content
  • Use XML schema validation, filter DOCTYPE declarations

🧯 If You Can't Patch

  • Implement network segmentation to isolate WebSphere servers
  • Deploy WAF with XXE protection rules

🔍 How to Verify

Check if Vulnerable:

Check WebSphere version against affected ranges: 8.5, 9.0, Liberty 17.0.0.3-24.0.0.5

Check Version:

  • WebSphere: $WAS_HOME/bin/versionInfo.sh
  • Liberty: server version

Verify Fix Applied:

Verify applied fix packs and confirm version is updated beyond vulnerable ranges

📡 Detection & Monitoring

Log Indicators:

  • Unusual XML parsing errors
  • External entity resolution attempts in logs
  • Unexpected outbound connections from server

Network Indicators:

  • HTTP requests with XML containing external entities
  • Unusual traffic patterns to internal services

SIEM Query:

source="websphere" AND (message="*DOCTYPE*" OR message="*ENTITY*" OR message="*XXE*")
