Authorization bypass through user-controlled key in IBM InfoSphere Information Server - CVE-2024-31898

 

Authorization bypass through user-controlled key in IBM InfoSphere Information Server - CVE-2024-31898

Published: July 23, 2024


Vulnerability identifier: #VU94667
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-31898
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM InfoSphere Information Server

Detailed vulnerability description

The vulnerability allows a remote user to gain access to bypass authentication process or modify data on the system.

The vulnerability exists due to insecure direct object references. An authenticated user can exploit this vulnerability to read or modify sensitive information by bypassing authentication using insecure direct object references.


How to mitigate CVE-2024-31898

Install updates from vendor's website.

Sources