CVE-2024-39727

Published: Dec 25, 2024Modified: Jan 10, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

Affected (2)

Products: Ibm: Engineering Lifecycle Optimization Engineering Insights

1 product

Engineering Lifecycle Optimization Engineering Insights

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Engineering Lifecycle Optimization Engineering Insights	Version 7.0.2
Ibm Engineering Lifecycle Optimization Engineering Insights	Version 7.0.3

Related CWEs

Use of Web Link to Untrusted Target with window.opener Access

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.

References (1)

https://www.ibm.com/support/pages/node/7176783

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.