#VU94667 Authorization bypass through user-controlled key in IBM InfoSphere Information Server - CVE-2024-31898

 

Published: July 23, 2024


Vulnerability identifier: #VU94667
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-31898
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: IBM InfoSphere Information Server
Software vendor: IBM Corporation

Description

The vulnerability allows a remote user to bypass the authentication process or modify data on the system.

The vulnerability exists due to insecure direct object references. An authenticated user can exploit this vulnerability to bypass authentication and read or modify sensitive information.


Remediation

Install updates from the vendor's website.

External links