Lucene search

IbmCVELIST:CVE-2024-35118

HistoryAug 29, 2024 - 3:20 p.m.

CVE-2024-35118 IBM MaaS360 information disclosure

2024-08-2915:20:02

CWE-798

ibm

www.cve.org

ibm

maas360

android

hard coded credentials

disclosure

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.4%

JSON

IBM MaaS360 for Android 6.31 through 8.60 is using hard coded credentials that can be obtained by a user with physical access to the device.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:maas360:6.31:*:*:*:*:android:*:*",
      "cpe:2.3:a:ibm:maas360:8.60:*:*:*:*:android:*:*"
    ],
    "defaultStatus": "unaffected",
    "platforms": [
      "Android"
    ],
    "product": "MaaS360",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "8.60",
        "status": "affected",
        "version": "6.31",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/290341

www.ibm.com/support/pages/node/7166750

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

21.4%

JSON

Related for CVELIST:CVE-2024-35118