IBM Security SOAR Vulnerability Could Allow Execution of Malicious Code
CVE-2024-38319

7.5HIGH

Key Information:

Vendor: IBM
Status: Security Soar
Vendor: CVE Published:; 22 June 2024

Summary

IBM Security SOAR version 51.0.2.0 contains a vulnerability that permits an authenticated user to execute malicious code from a specially crafted script. This flaw poses serious security risks, as it enables potential attackers to manipulate or compromise the system by leveraging the capabilities of logged-in users. Organizations using this software should evaluate their risk exposure and consider implementing necessary security measures to mitigate the impact of this vulnerability. For further details, refer to IBM's vendor advisory and the X-Force vulnerability database entry.

Affected Version(s)

Security SOAR 51.0.2.0

References

https://www.ibm.com/support/pages/node/7158261

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/294830

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2024
Vulnerability Reserved
Jun 13, 2024

Credit

Julien Champoux