CVE-2024-25052

CWE-256CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 89.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Jazz Reporting Service
Timeline
PublishedJun 13

Description

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-gh9j-f3p4-fwf2: IBM Jazz Reporting Service 72024-06-13
CVEList
IBM Jazz Reporting Service information disclosure2024-06-13
CVE-2024-25052 (MEDIUM CVSS 4.4) | IBM Jazz Reporting Service 7.0.3 st | cvebase.io