CVE-2024-51460

{"id": "CVE-2024-51460", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-12-11T13:15:06.510", "references": [{"url": "https://www.ibm.com/support/pages/node/7177698", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system."}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en un seguimiento de pila. Esta informaci\u00f3n podr\u00eda utilizarse en futuros ataques contra el sistema."}], "lastModified": "2025-01-14T19:40:36.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}