CVE-2024-35114

CWE-204CWE-2033 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 69.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Control Center
Timeline
PublishedJan 25

Description

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/control_center6.2.1, 6.3.1
NVDibm/control_center6.2.1.0, 6.3.1.0+1

🔴Vulnerability Details

2
CVEList
IBM Control Center information disclosure2025-01-25
GHSA
GHSA-466p-j3vq-mwq3: IBM Control Center 62025-01-25
CVE-2024-35114 (MEDIUM CVSS 5.3) | IBM Control Center 6.2.1 and 6.3.1 | cvebase.io