CVE-2024-41741 — Observable Timing Discrepancy in IBM Txseries FOR Multiplatforms

CWE-208 — Observable Timing Discrepancy CWE-203 — Observable Discrepancy3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 68.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Txseries FOR Multiplatforms

Timeline

PublishedNov 1

Description

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/txseries_for_multiplatforms10.1

▶NVDibm/txseries10.1

🔴Vulnerability Details

GHSA

GHSA-mw4g-w7hh-rjpc: IBM TXSeries for Multiplatforms 10↗2024-11-01

▶

CVEList

IBM TXSeries for Multiplatforms information disclosure↗2024-11-01

▶