Sensitive URI Disclosure in IBM OpenBMC BMCWeb HTTPS Server
CVE-2024-31916

7.5HIGH

Key Information:

Vendor: IBM
Status: Openbmc
Vendor: CVE Published:; 27 June 2024

Summary

A security vulnerability exists in the IBM OpenBMC BMCWeb HTTPS server component, impacting versions FW1050.00 through FW1050.10. This flaw may allow unauthorized actors to access sensitive URI content, effectively bypassing existing authentication measures. Such unauthorized access poses significant risks to system integrity and confidentiality.

References

https://www.ibm.com/support/pages/node/7158679

https://exchange.xforce.ibmcloud.com/vulnerabilities/290026

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2024