Lucene search

IbmCVELIST:CVE-2024-35151

HistoryAug 22, 2024 - 10:12 a.m.

CVE-2024-35151 IBM OpenPages information disclosure

2024-08-2210:12:55

CWE-288

ibm

www.cve.org

ibm openpages

information disclosure

apis

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

19.7%

JSON

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "OpenPages with Watson",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.3, 9.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/292638

www.ibm.com/support/pages/node/7165959

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

19.7%

JSON

Related for CVELIST:CVE-2024-35151