CVE-2024-39727

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims web browser.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ibmCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
ibmengineering_lifecycle_optimization_-_engineering_insights
7.0.2
ibmengineering_lifecycle_optimization_-_engineering_insights
7.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7176783