CVE-2024-35154

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-250
View all →

Vulnerability Description

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.

Related Vulnerabilities

CVE-2019-16767

HIGH
CVSS:7.2(High)

The admin sys mode is now conditional and dedicated for the special case. By default, since [email protected] no instance (container) is launched with advanced capabilities (not launched as root)

CWE-2502019

CVE-2024-21184

HIGH
CVSS:7.2(High)

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged at...

CWE-2502024

CVE-2025-23008

HIGH
CVSS:7.2(High)

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.

CWE-2502025

CVE-2025-23009

HIGH
CVSS:7.2(High)

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.

CWE-2502025

CVE-2024-22017

HIGH
CVSS:7.3(High)

setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped suc...

CWE-2502024

CVE-2023-4814

HIGH
CVSS:7.1(High)

A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.

CWE-2502023