CVE-2024-39725 MEDIUM

CVE-2024-39725: IBM Engineering Lifecycle Optimization - Engineering Insights information disclosure

Vendor Ibm
Product Engineering Insights
Weakness CWE-209 · Error message info leak
Published December 25, 2024
Last update December 26, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Key dates

02Disclosure timeline

December 25, 2024 CVE published
December 26, 2024 Record updated