CVE-2024-38319

Published: Jun 22, 2024Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830.

Affected (1)

Products: Ibm: Soar

Ibm

1 product

Soar

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Soar	Up to 51.0.2.0

Running on/with	Platform Versions
Redhat Linux	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/294830

Source: psirt@us.ibm.com

Vendor Advisory

https://www.ibm.com/support/pages/node/7158261

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/294830

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.ibm.com/support/pages/node/7158261

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.