CVE-2024-39727

EPSS 0.08%
Veröffentlicht 25.12.2024 14:15:22
Zuletzt bearbeitet 10.01.2025 20:15:39
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Engineering Lifecycle Optimization - Engineering Insights Version7.0.2

Ibm ≫ Engineering Lifecycle Optimization - Engineering Insights Version7.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.252

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-1022 Use of Web Link to Untrusted Target with window.opener Access

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.

https://www.ibm.com/support/pages/node/7176783

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-39727

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39727

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39727

EUVD