6.2
CVE-2024-35137
- EPSS 0.03%
- Veröffentlicht 28.06.2024 16:15:04
- Zuletzt bearbeitet 03.11.2025 22:16:54
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Security Access Manager Version >= 10.0.0.0 <= 10.0.7.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.071 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-258 Empty Password in Configuration File
Using an empty string as a password is insecure.
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.