CVE-2024-56477

{"id": "CVE-2024-56477", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-02-14T15:15:11.887", "references": [{"url": "https://www.ibm.com/support/pages/node/7183224", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."}, {"lang": "es", "value": "IBM Power Hardware Management Console V10.3.1050.0 podr\u00eda permitir que un usuario autenticado recorra directorios en el sistema. Un atacante podr\u00eda enviar una solicitud de URL especialmente manipulada que contenga secuencias de \"punto punto\" (/../) para ver archivos arbitrarios en el sistema."}], "lastModified": "2025-08-18T18:15:31.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:10.3.1060.0:sp1:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "FED1555E-BE7E-4165-8563-524D8475384B"}, {"criteria": "cpe:2.3:a:ibm:power_hardware_management_console:10.3.1060.0:sp1:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "BEADAEBF-739D-40BC-9CF8-EC3C4C5065C1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}