CVE-2024-31878

June 7, 2024, 2:56 p.m.

Tags

psirt@us.ibm.com
2024-06-07
CVE-2024-31878
CWE-203

CVSS Score

5.3 / 10

Product(s) Impacted

IBM i

  • 7.2
  • 7.3
  • 7.4
  • 7.5

Description

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538.

Weaknesses

Date

Published: June 7, 2024, 2:15 p.m.

Last Modified: June 7, 2024, 2:56 p.m.

Status : Undergoing Analysis

CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.

More info

Source

psirt@us.ibm.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score
5.3
Exploitability Score
Impact Score
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/287538
psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7156725
psirt@us.ibm.com