CVE-2024-31899Plaintext Storage of a Password in IBM Cognos Command Center

CWE-256Plaintext Storage of a PasswordCWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 84.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Command Center
Timeline
PublishedSep 26

Description

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/cognos_command_center10.2.4.1, 10.2.5
NVDibm/cognos_command_center10.2.4.1, 10.2.5+1

🔴Vulnerability Details

2
GHSA
GHSA-8x2h-c9mx-cx2j: IBM Cognos Command Center 102024-09-26
CVEList
IBM Cognos Command Center information disclosure2024-09-26
CVE-2024-31899 — Plaintext Storage of a Password in IBM | cvebase