CVE-2024-39750

High

Published: 25 January 2025

Published

25 January 2025

Modified

29 September 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0149 81.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

Security Summary

IBM Analytics Content Hub 2.0 is affected by CVE-2024-39750, a buffer overflow vulnerability caused by improper return length checking. This issue, mapped to CWE-120, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-25.

A remote authenticated attacker with low privileges can exploit the vulnerability over the network with low attack complexity and no user interaction. Exploitation enables buffer overflow, allowing arbitrary code execution on the system or a server crash resulting in denial of service.

IBM provides details on the vulnerability, including mitigation guidance, in its security advisory at https://www.ibm.com/support/pages/node/7172787.

Details

CWE(s): CWE-120

Affected Products

ibm

analytics content hub

2.0 — 2.3

References

https://www.ibm.com/support/pages/node/7172787
Vendor Advisory · psirt@us.ibm.com