Lucene search

IbmCVE-2024-27257

HistorySep 10, 2024 - 3:15 p.m.

CVE-2024-27257

2024-09-1015:15:15

CWE-540

ibm

web.nvd.nist.gov

ibm openpages

client-side

javascript source maps

unauthorized users

cve-2024-27257

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

14.7%

JSON

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

Affected configurations

Nvd

Vulners

Node

ibmopenpages_grc_platformRange8.3–8.3.0.2

ibmopenpages_with_watsonRange9.0–9.0.0.3

VendorProductVersionCPE
ibmopenpages_grc_platform*cpe:2.3:a:ibm:openpages_grc_platform:*:*:*:*:*:*:*:*
ibmopenpages_with_watson*cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	openpages_grc_platform	*	cpe:2.3:a:ibm:openpages_grc_platform::::::::
ibm	openpages_with_watson	*	cpe:2.3:a:ibm:openpages_with_watson::::::::

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "OpenPages",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.3, 9.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/283966

www.ibm.com/support/pages/node/7167702

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

14.7%

JSON

Related for CVE-2024-27257