CVE-2024-41763
Published: 04 January 2025
Description
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Security Summary
CVE-2024-41763 is a cryptographic weakness in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3, where weaker than expected cryptographic algorithms are used. This flaw, published on 2025-01-04, is categorized under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity primarily due to high confidentiality impact.
An unauthenticated attacker (PR:N) with network access (AV:N) could exploit this vulnerability to decrypt highly sensitive information. The attack has high complexity (AC:H) and requires no user interaction (UI:N). Integrity and availability are not affected (I:N/A:N), but successful exploitation has a high impact on confidentiality (C:H), and the scope is unchanged (S:U).
IBM provides details on the vulnerability, including mitigation and patch information, in their security advisory at https://www.ibm.com/support/pages/node/7180204.
Details
- CWE(s)