SB2026040217 - Multiple vulnerabilities in IBM Cloud Pak for Data System




Published: April 2, 2026

Security Bulletin ID: SB2026040217
Severity: Medium
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

[Chart: breakdown by severity. Legend: Low, Medium, High, Critical. Labels shown: Medium 67% 33%]

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Improper Handling of Case Sensitivity (CVE-ID: CVE-2024-6866)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the use of a case-sensitive try_match() function on the attacker-controlled URI. A remote attacker can bypass implemented security checks and gain unauthorized access to sensitive data.



2) Input validation error (CVE-ID: CVE-2024-6844)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of special characters in the URL. A remote attacker can bypass applied CORS restrictions and gain unauthorized access to the application.


3) Security features bypass (CVE-ID: CVE-2024-6839)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper regex path matching. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. A remote attacker can gain unauthorized cross-origin access to sensitive data or functionality.
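
The length-ordered selection described above, as an added example that is not code from the affected plugin or from the vendor: it shows how a longer but broader regex can win over a shorter exact path, and audits a configuration for paths where that happens. The RESOURCES map, the function names, the use of full-string matching and the "most specific" ordering are assumptions made for illustration.

```python
import re

# Constructed sample config: regex path pattern -> allowed CORS origins.
RESOURCES = {
    r"/api/admin": ["https://admin.example.com"],  # sensitive, restricted
    r"/api/[a-z0-9_/-]*": ["*"],                   # broad, permissive
    r"/health": ["*"],
}

def match_longest_first(path, resources):
    """Length-ordered selection as the bulletin describes: longest regex wins."""
    for pattern in sorted(resources, key=len, reverse=True):
        if re.fullmatch(pattern, path):  # full-string matching is an assumption
            return pattern
    return None

def literal_prefix_len(pattern):
    """Count leading characters before the first regex metacharacter."""
    m = re.search(r"[.^$*+?{}\[\]\\|()]", pattern)
    return len(pattern) if m is None else m.start()

def match_most_specific(path, resources):
    """Hypothetical safer ordering: purely literal patterns first,
    then the longest literal prefix, then overall length."""
    def key(p):
        prefix = literal_prefix_len(p)
        return (prefix == len(p), prefix, len(p))
    for pattern in sorted(resources, key=key, reverse=True):
        if re.fullmatch(pattern, path):
            return pattern
    return None

def audit(paths, resources):
    """Return (path, applied, expected) wherever the two orderings disagree."""
    findings = []
    for path in paths:
        applied = match_longest_first(path, resources)
        expected = match_most_specific(path, resources)
        if applied != expected:
            findings.append((path, applied, expected))
    return findings

if __name__ == "__main__":
    for path, applied, expected in audit(["/api/admin", "/api/users", "/health"], RESOURCES):
        print(f"{path}: policy {RESOURCES[applied]} applied via {applied!r}, "
              f"expected {RESOURCES[expected]} via {expected!r}")
```

Running the audit over an application's real route list flags every endpoint whose effective CORS policy comes from a broader pattern than the one written for it.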


Remediation

Install the update from the vendor's website.