CVE-2024-39727

CWE-10223 documents3 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 72.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Engineering Insights IBM Engineering Lifecycle Optimization - Engineering Insights

Timeline

PublishedDec 25

Description

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDibm/engineering_lifecycle_optimization_-_engineering_insights7.0.2, 7.0.3+1

▶CVEListV5ibm/engineering_insights7.0.2, 7.0.3

🔴Vulnerability Details

GHSA

GHSA-8qcf-755r-4vhw: IBM Engineering Lifecycle Optimization - Engineering Insights 7↗2024-12-25

▶

CVEList

IBM Engineering Lifecycle Optimization - Engineering Insights tabnabbing↗2024-12-25

▶