CVE-2024-22329

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 8.5, 9.0 IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3

Description The issue is related to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack.

Recommendations For IBM WebSphere Application Server versions 8.5, 9.0, consider disabling the vulnerable functionality until a patch is available. For IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3, restrict access to the affected modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.