Lucene search

IbmCVELIST:CVE-2024-40705

HistoryAug 15, 2024 - 4:48 p.m.

CVE-2024-40705 IBM InfoSphere Information Server denial of service

2024-08-1516:48:03

CWE-405

ibm

www.cve.org

ibm

infosphere

dos

file uploads

x-force

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

13.7%

JSON

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "InfoSphere Information Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11.7"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/298279

www.ibm.com/support/pages/node/7160855

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

13.7%

JSON

Related for CVELIST:CVE-2024-40705