Abstract
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to XML External Entity (XXE) injection (CVE-2024-22354, CVSS 7.0).
Download Description
The Liberty fixes on this page are superseded by a fix for another APAR. The links to the Liberty fixes for PH59682 are removed from this page. See "PH59682 regressed the <x:transform> tag in pages-3.0 and productInfo -validate fails" to find new Liberty fixes that resolve PH59682.
The WebSphere (traditional) fixes on this page are superseded by a fix for another APAR. The links to the WebSphere (traditional) fixes are removed from this page. See PH61385 to find new WebSphere (traditional) fixes that resolve PH59682.
ERROR DESCRIPTION:
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to XML External Entity (XXE) injection (CVE-2024-22354, CVSS 7.0).
LOCAL FIX:
PROBLEM SUMMARY:
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to XML External Entity (XXE) injection (CVE-2024-22354, CVSS 7.0).
PROBLEM CONCLUSION:
Confidential for CVE-2024-22354.
The fix for this APAR is targeted for inclusion in 8.5.5.26, 9.0.5.20, and 24.0.0.5.
For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553
The Liberty fixes on this page are superseded by a fix for another APAR. The links to the Liberty fixes for PH59682 are removed from this page. See "PH61042: PH59682 regressed the <x:transform> tag in pages-3.0" to find new Liberty fixes that resolve PH59682.
The WebSphere (traditional) fixes on this page are superseded by a fix for another APAR. The links to the WebSphere (traditional) fixes are removed from this page. See PH61385 to find new WebSphere (traditional) fixes that resolve PH59682.
Prerequisites
Problems Solved
PH59682
Change History
Technical Support
Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Document Information
Modified date:
21 May 2024
UID
ibm17148359