CVE-2024-38321

EPSS 0.08%
Veröffentlicht 03.08.2024 14:15:48
Zuletzt bearbeitet 06.09.2024 14:50:53
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM Business Automation Workflow information disclosure

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user.  IBM X-Force ID:  284868.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 36 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Business Automation Workflow Version20.0.0.1 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version20.0.0.2 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.2 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Update- SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif002 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif005 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif006 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif007 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif008 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif009 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif010 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif011 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif012 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif013 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif014 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif015 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif016 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif017 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif028 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif029 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif030 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif031 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif032 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif033 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif034 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version22.0.1 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version22.0.2 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version23.0.1 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version23.0.2 SwEditioncontainers

Ibm ≫ Business Automation Workflow SwEditiontraditional Version >= 19.0.0.1 <= 19.0.0.3

Ibm ≫ Business Automation Workflow SwEditiontraditional Version >= 20.0.0.1 <= 20.0.0.2

Ibm ≫ Business Automation Workflow SwEditiontraditional Version >= 21.0.1 <= 21.0.3.0

Ibm ≫ Business Automation Workflow SwEditiontraditional Version >= 22.0.1 <= 22.0.2

Ibm ≫ Business Automation Workflow SwEditiontraditional Version >= 23.0.1 <= 23.0.2

Ibm ≫ Business Automation Workflow SwEditionenterprise_service_bus Version >= 23.0.1 <= 23.0.2

Ibm ≫ Business Automation Workflow Version22.0.2 SwEditionenterprise_service_bus

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.233

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@us.ibm.com	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://exchange.xforce.ibmcloud.com/vulnerabilities/294868

Broken Link

https://www.ibm.com/support/pages/node/7162334

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38321

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38321

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38321

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-38321