CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
AI Score
Confidence
Low
Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. [CVE-2024-28098, CVE-2024-29834] The below vulnerabilities have been addressed.
CVEID:CVE-2024-28098
**DESCRIPTION:**Apache Pulsar could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to modify topic-level policies.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285480 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVEID:CVE-2024-29834
**DESCRIPTION:**Apache Pulsar could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization for namespace and topic management endpoints. By sending a specially crafted request, an attacker could exploit this vulnerability to read, create, modify, and delete namespace properties in any namespace in any tenant.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286806 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|
Transport Module Common Integration Library
|
common-transportmodule-29_0 up to and including common-transportmodule-39_0
Product(s)
|
Version(s)
|
Remediation / First Fix
—|—|—
Transport Module Common Integration Library
|
common-transportmodule-40_0
|
Refer to release notice for the part number of the new package and instructions for the upgrade
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_netcool_webtop | 1.6 | cpe:2.3:a:ibm:tivoli_netcool_webtop:1.6:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
AI Score
Confidence
Low