CVE-2024-35112

CWE-80CWE-2093 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 74.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Control Center
Timeline
PublishedJan 25

Description

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5ibm/control_center6.2.1, 6.3.1
NVDibm/control_center6.2.1.0, 6.3.1.0+1

🔴Vulnerability Details

2
GHSA
GHSA-2cwp-85p5-6fwc: IBM Control Center 62025-01-25
CVEList
IBM Control Center cross-site scripting2025-01-25
CVE-2024-35112 (MEDIUM CVSS 4.3) | IBM Control Center 6.2.1 and 6.3.1 | cvebase.io