Lucene search

IbmVULNRICHMENT:CVE-2024-35151

HistoryAug 22, 2024 - 10:12 a.m.

CVE-2024-35151 IBM OpenPages information disclosure

2024-08-2210:12:55

CWE-288

ibm

github.com

ibm openpages

information disclosure

improper authorization

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

19.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.

References

exchange.xforce.ibmcloud.com/vulnerabilities/292638

www.ibm.com/support/pages/node/7165959

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

19.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-35151