Sensitive Information Disclosure in IBM InfoSphere Information Server
CVE-2024-40704

4.9MEDIUM

Key Information:

Vendor: IBM
Status: Infosphere Information Server
Vendor: CVE Published:; 15 August 2024

What is CVE-2024-40704?

A vulnerability in IBM InfoSphere Information Server 11.7 exists that may enable a privileged user to gain unauthorized access to sensitive information contained within authentication request headers. This flaw could expose confidential data, raising significant security concerns for enterprises relying on this system. Safeguarding sensitive data is paramount in today's security landscape.

References

https://www.ibm.com/support/pages/node/7160853

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/298277

VDB Entry

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2024