CVE-2024-39727 MEDIUM

CVE-2024-39727: IBM Engineering Lifecycle Optimization - Engineering Insights tabnabbing

Vendor IBM
Product Engineering Insights
Weakness CWE-1022
Published December 25, 2024
Last update December 26, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victim's web browser.

Key dates

02 Disclosure timeline

December 25, 2024 CVE published
December 26, 2024 Record updated