CVE-2024-56477

CWE-22 Path Traversal | 3 documents | 3 sources
Severity: 6.5 MEDIUM
EPSS: 0.6% (top 29.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 14

Description

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-qxcr-5h9v-q8vc: IBM Power Hardware Management Console V10 (2025-02-14)
CVEList: IBM Power Hardware Management Console directory traversal (2025-02-14)
CVE-2024-56477 (MEDIUM CVSS 6.5) | IBM Power Hardware Management Conso | cvebase.io