CVE-2024-7577

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7185020	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

08 Jul 2025, 17:26

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:a:ibm:infosphere_information_server::::::::
First Time		Linux linux Kernel Linux Microsoft windows Ibm aix Microsoft Ibm Ibm infosphere Information Server
References	~~() https://www.ibm.com/support/pages/node/7185020 -~~	() https://www.ibm.com/support/pages/node/7185020 - Vendor Advisory

01 Apr 2025, 20:26

Type	Values Removed	Values Added
Summary		(es) IBM InfoSphere Information Server 11.7 podría revelar credenciales de usuario confidenciales de los archivos de registro durante una nueva instalación del producto.

29 Mar 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-29 00:15

Updated : 2025-07-08 17:26

NVD link : CVE-2024-7577

Mitre link : CVE-2024-7577

CVE.ORG link : CVE-2024-7577

JSON object : View

Products Affected

ibm

aix
infosphere_information_server

microsoft

windows

linux

linux_kernel

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-7577", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-29T00:15:24.257", "references": [{"url": "https://www.ibm.com/support/pages/node/7185020", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product."}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7 podr\u00eda revelar credenciales de usuario confidenciales de los archivos de registro durante una nueva instalaci\u00f3n del producto."}], "lastModified": "2025-07-08T17:26:02.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8544C8A-580A-4A26-8731-0511ADC66F36", "versionEndExcluding": "11.7.1", "versionStartIncluding": "11.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}