CVE-2024-39727

EPSS 0.08%
Published 25.12.2024 14:15:22
Last modified 10.01.2025 20:15:39
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Engineering Lifecycle Optimization - Engineering Insights Version7.0.2

Ibm ≫ Engineering Lifecycle Optimization - Engineering Insights Version7.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.252

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-1022 Use of Web Link to Untrusted Target with window.opener Access

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.

https://www.ibm.com/support/pages/node/7176783

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-39727

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39727

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39727

EUVD