Lucene search

IbmCVE-2024-41774

HistoryAug 13, 2024 - 11:15 a.m.

CVE-2024-41774

2024-08-1311:15:17

CWE-79

ibm

web.nvd.nist.gov

ibm

common licensing 9.0

stored cross-site scripting

privileged user

arbitrary javascript code

credentials disclosure

trusted session

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

Percentile

13.8%

JSON

IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348.

Affected configurations

Nvd

Vulners

Node

ibmcommon_licensingMatch9.0

VendorProductVersionCPE
ibmcommon_licensing9.0cpe:2.3:a:ibm:common_licensing:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	common_licensing	9.0	cpe:2.3:a:ibm:common_licensing:9.0:::::::*

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:common_licensing:9.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Common Licensing",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "9.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/350348

www.ibm.com/support/pages/node/7165251