CVE-2024-35154 – This vulnerability allows remote authenticated ... (How to Fix)

Q: What is the severity of CVE-2024-35154?

CVE-2024-35154 has a CVSS score of 7.2 (HIGH). This vulnerability allows remote authenticated attackers with administrative console access to execute arbitrary code on IBM WebSphere Application Server. Attackers can exploit specially crafted input to run code on the affected system. This affects IBM WebSphere Application Server versions 8.5 and 9.0.

📋 TL;DR

This vulnerability allows remote authenticated attackers with administrative console access to execute arbitrary code on IBM WebSphere Application Server. Attackers can exploit specially crafted input to run code on the affected system. This affects IBM WebSphere Application Server versions 8.5 and 9.0.

💻 Affected Systems

Products:

IBM WebSphere Application Server

Versions: 8.5 and 9.0

Operating Systems: All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated administrative console access to exploit.

📦 What is this software?

Websphere Application Server by Ibm

View all CVEs affecting Websphere Application Server →

Websphere Application Server by Ibm

View all CVEs affecting Websphere Application Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to data theft, lateral movement, ransomware deployment, or complete server takeover.

🟠

Likely Case

Privilege escalation leading to unauthorized administrative access, data exfiltration, or service disruption.

🟢

If Mitigated

Limited impact due to network segmentation, strong authentication controls, and minimal administrative access.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated administrative access but uses specially crafted input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Interim Fix PH57171 for 8.5 and 9.0

Vendor Advisory: https://www.ibm.com/support/pages/node/7159825

Restart Required: Yes

Instructions:

1. Download Interim Fix PH57171 from IBM Fix Central. 2. Stop all WebSphere processes. 3. Apply the fix using IBM Installation Manager. 4. Restart WebSphere Application Server.

🔧 Temporary Workarounds

Restrict Administrative Console Access

all

Limit administrative console access to trusted IP addresses and users only.

Configure firewall rules to restrict access to WebSphere administrative ports (typically 9043/9443)

Enable Administrative Security

all

Ensure administrative security is enabled with strong authentication.

Verify administrative security is enabled in WebSphere console: Security > Global Security > Enable administrative security

🧯 If You Can't Patch

Implement network segmentation to isolate WebSphere servers from critical systems
Enforce multi-factor authentication for all administrative console access

🔍 How to Verify

Check if Vulnerable:

Check WebSphere version via administrative console or versionInfo.sh script

Check Version:

./versionInfo.sh (Linux) or versionInfo.bat (Windows) in WebSphere bin directory

Verify Fix Applied:

Verify Interim Fix PH57171 is installed via Installation Manager or versionInfo.sh

📡 Detection & Monitoring

Log Indicators:

Unusual administrative console login patterns
Suspicious input patterns in administrative requests
Unexpected process execution

Network Indicators:

Unusual traffic to administrative ports (9043/9443)
Suspicious payloads in administrative requests

SIEM Query:

source="websphere" AND (event="admin_login" OR event="admin_action") AND status="success" AND user NOT IN ["expected_admin_users"]

📊 Metadata

CVE ID: CVE-2024-35154

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-250

Published: July 9, 2024

Last Updated: November 21, 2024

🔗 References

https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 VDB Entry,Vendor Advisory
https://www.ibm.com/support/pages/node/7159825 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 VDB Entry,Vendor Advisory
https://www.ibm.com/support/pages/node/7159825 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-35154, you might also want to check these: