Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM350F433631D8583CCA9E82AE1B602E7E16472FB71AA4244F59D235B335927C32
HistorySep 09, 2024 - 1:21 p.m.

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper error handling (CVE-2024-39751)

2024-09-0913:21:26
www.ibm.com
7
infosphere
information server
ibm
cve-2024-39751
vulnerability
fix
security patch

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0

Percentile

14.7%

JSON

Summary

A vulnerability related to improper error handling in InfoSphere Information Server was addressed.

Vulnerability Details

CVEID:CVE-2024-39751
**DESCRIPTION:**IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation
InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7 DT390302 --Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.5
--Apply Information Server Framework security patch
--Apply InfoSphere Metadata Asset Manager security patch
--Apply InfoSphere XMETA security patch

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibminfosphere_information_serverMatch11.7
VendorProductVersionCPE
ibminfosphere_information_server11.7cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

Related

cve 1
cvelist 1
nvd 1
vulnrichment 1
cve
cve
CVE-2024-39751
2024-08-06 16:15:48
cvelist
cvelist
CVE-2024-39751 IBM InfoSphere Information Server information disclosure
2024-08-06 15:17:37
nvd
nvd
CVE-2024-39751
2024-08-06 16:15:48
vulnrichment
vulnrichment
CVE-2024-39751 IBM InfoSphere Information Server information disclosure
2024-08-06 15:17:37

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0

Percentile

14.7%

JSON
Related for 350F433631D8583CCA9E82AE1B602E7E16472FB71AA4244F59D235B335927C32
cve1cvelist1nvd1vulnrichment1