5.9
CVE-2024-41738
- EPSS 0.34%
- Veröffentlicht 01.11.2024 17:15:16
- Zuletzt bearbeitet 14.11.2024 20:51:29
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM TXSeries for Multiplatforms information disclosure
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Txseries For Multiplatforms Version10.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.256 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-598 Use of HTTP Request With Sensitive Query String
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
https://www.ibm.com/support/pages/node/7174572