Lucene search

IbmCVELIST:CVE-2024-22344

HistoryMay 10, 2024 - 5:41 p.m.

CVE-2024-22344 IBM TXSeries for Multiplatforms information disclosure

2024-05-1017:41:53

ibm

www.cve.org

ibm

txseries

multiplatforms

html injection

security context

x-force id

information disclosure

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 280191.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TXSeries for Multiplatforms",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/280191

www.ibm.com/support/pages/node/7150667

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-22344