CVE-2024-39725

Published: Dec 25, 2024Modified: Jan 10, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: psirt@us.ibm.com (Secondary)

Description

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Affected (2)

Products: Ibm: Engineering Lifecycle Optimization Engineering Insights

1 product

Engineering Lifecycle Optimization Engineering Insights

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Engineering Lifecycle Optimization Engineering Insights	Version 7.0.2
Ibm Engineering Lifecycle Optimization Engineering Insights	Version 7.0.3

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (1)

https://www.ibm.com/support/pages/node/7176782

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.