7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
It was possible for a privileged user to inject malicious commands that could be executed as another user. This issue has been addressed.
CVEID:CVE-2024-38319
**DESCRIPTION:**IBM Security SOAR could allow an authenticated user to execute malicious code loaded from a specially crafted script.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294830 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
IBM strongly encourages customers to update their systems promptly.
Affected Product(s) | Version(s) |
---|---|
IBM Security SOAR | 51.0.2.0 and earlier |
Updated versions of the IBM Security SOAR Platform prevent this issue and are available for download at Release Download Locations.
Users should upgrade as soon as convenient. The upgrade instructions are available on IBM Documentation at <https://www.ibm.com/docs/en/sqsp/51?topic=51021-upgrade-notes>.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security soar | le | 51.0.2.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%