CVE-2024-47106
Published: 18 January 2025
Description
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.
Security Summary
CVE-2024-47106 affects IBM Jazz for Service Management in versions 1.1.3 through 1.1.3.22. The vulnerability arises from improper access restrictions (CWE-552), enabling a remote attacker to obtain sensitive information that could aid in further attacks against the system. It has a CVSS v3.1 base score of 5.3, rated as medium severity with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility, low attack complexity, no privileges or user interaction required, unchanged scope, low confidentiality impact, and no integrity or availability impact.
A remote, unauthenticated attacker can exploit this vulnerability over the network with minimal effort. Exploitation allows disclosure of sensitive information, providing reconnaissance data that could facilitate subsequent attacks on the system.
IBM's security advisory provides details on the vulnerability and mitigation, available at https://www.ibm.com/support/pages/node/7178507. Security practitioners should review this page for patching guidance and any recommended workarounds.
Details
- CWE(s)