CVE-2024-45072 Vulnerability Analysis & Exploit Details

CVE-2024-45072 Vulnerability Summary

CVE-2024-45072: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 0.048% (probability of exploit)

EPSS Percentile: 21.16% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 78.84% of others.

CVE-2024-45072 References

External References

• https://www.ibm.com/support/pages/node/7173263

CWE Common Weakness Enumeration

CAPEC Common Attack Pattern Enumeration and Classification

• Data Serialization External Entities Blowup CAPEC-221 This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Vulnerable Configurations

• cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:-:*:*:liberty_profile:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:-:*:*:liberty_profile:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:-:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:-:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:-:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:-:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:-:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:-:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.10:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.10:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.11:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.11:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.12:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.12:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.13:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.13:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.13:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.13:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.14:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.14:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.15:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.15:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.18:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.18:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.18:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.18:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.19:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.19:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.20:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.20:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.22:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.22:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.23:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.23:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.3:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.4:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.5:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.6:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.7:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.7:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.8:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.8:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.9:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.9:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.10:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.10:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.11:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.11:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.4:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.4:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.5:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.5:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.5:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.5:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.6:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.6:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.7:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.7:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.8:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.8:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.15:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.15:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.16:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.16:*:*:*:-:*:*:*
• cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
  cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
• cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
  cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
• cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
  cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
• cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
  cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
• cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
• cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
  cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2025-48340 – Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation.This issue affects User Profile...
• CVE-2025-3223 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configurat...
• CVE-2025-47949 – samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an at...
• CVE-2025-47946 – Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering `{{ attributes...
• CVE-2025-47944 – Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to ver...