CVE-2024-45086 Vulnerability Analysis & Exploit Details

CVE-2024-45086 Vulnerability Summary

CVE-2024-45086: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 0.048% (probability of exploit)

EPSS Percentile: 21.09% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 78.91% of others.

CVE-2024-45086 References

External References

• https://www.ibm.com/support/pages/node/7174745

CWE Common Weakness Enumeration

CAPEC Common Attack Pattern Enumeration and Classification

• Data Serialization External Entities Blowup CAPEC-221 This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Vulnerable Configurations

• cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:-:liberty_profile:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:-:liberty_profile:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:-:*:*:liberty_profile:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:-:*:*:liberty_profile:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:-:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:-:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:-:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:-:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:-:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:-:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.10:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.10:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.11:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.11:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.12:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.12:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.13:*:*:*:liberty:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.13:*:*:*:liberty:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.13:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.13:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.14:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.14:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.15:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.15:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.16:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.17:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.18:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.18:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.18:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.18:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.19:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.19:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.20:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.20:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.22:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.22:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:8.5.5.23:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:8.5.5.23:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.3:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.4:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.5:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.6:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.7:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.7:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.8:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.8:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.9:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.9:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.10:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.10:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.0.11:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.0.11:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.4:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.4:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.5:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.5:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.5:*:*:*:hypervisor:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.5:*:*:*:hypervisor:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.6:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.6:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.7:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.7:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.8:*:*:*:*:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.8:*:*:*:*:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.15:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.15:*:*:*:-:*:*:*
• cpe:2.3:a:ibm:websphere_application_server:9.0.5.16:*:*:*:-:*:*:*
  cpe:2.3:a:ibm:websphere_application_server:9.0.5.16:*:*:*:-:*:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2025-2130 – A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticke...
• CVE-2025-26205 – Lua 5.4.7, when the debug library is used, has a out-of-bounds read and segmentation violation in mainpositionTV in ltable.c. NOTE: this is dispute...
• CVE-2025-26204 – Lua 5.4.7, when the debug library is used, has a out-of-bounds read and segmentation violation in equalkey in ltable.c. NOTE: this is disputed beca...
• CVE-2025-2129 – A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecur...
• CVE-2025-2127 – A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of th...