CVE-2024-54181 HIGH

CVE-2024-54181: IBM WebSphere Automation command injection

Vendor Ibm

Product WebSphere Automation

Weakness CWE-78

Published December 30, 2024

Last update December 30, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system.

Key dates

02Disclosure timeline

December 30, 2024 CVE published

December 30, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-54181

Related vulnerabilities

04Related CVE

CVE-2026-9435 Totolink A8000RU Web Management cstecgi.cgi setQosCfg os command injection CVE-2019-25065 OpenNetAdmin os command injection CVE-2026-7121 Totolink A8000RU CGI cstecgi.cgi setWizardCfg os command injection CVE-2025-50197 Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter CVE-2026-44723 Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner