CVE-2024-31878

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-31878
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7156725 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7156725 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*
History

21 Nov 2024, 09:14

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 - VDB Entry, Vendor Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7156725 - Vendor Advisory () https://www.ibm.com/support/pages/node/7156725 - Vendor Advisory

11 Jun 2024, 18:23

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/287538 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7156725 - () https://www.ibm.com/support/pages/node/7156725 - Vendor Advisory
Summary
  • (es) IBM i 7.2, 7.3, 7.4 y 7.5 Service Tools Server (SST) es vulnerable a la enumeración de usuarios de SST por parte de un atacante remoto. Esta vulnerabilidad puede ser utilizada por un actor malintencionado para recopilar información sobre los usuarios de SST que puede ser objeto de futuros ataques. ID de IBM X-Force: 287538.
First Time Ibm i
Ibm
CPE cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*

07 Jun 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-07 14:15

Updated : 2024-11-21 09:14

NVD link : CVE-2024-31878

Mitre link : CVE-2024-31878

CVE.ORG link : CVE-2024-31878

JSON object : View

Products Affected

ibm

  • i
CWE
CWE-203

Observable Discrepancy


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024