SB2024072326 - Authorization bypass through user-controlled key in IBM InfoSphere Information Server




Published: July 23, 2024

Security Bulletin ID: SB2024072326
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Authorization bypass through user-controlled key (CVE-ID: CVE-2024-31898)

The vulnerability allows a remote user to bypass the authentication process or modify data on the system.

The vulnerability exists due to insecure direct object references. An authenticated user can exploit these references to bypass authentication and read or modify sensitive information.


Remediation

Install the update from the vendor's website.