#VU94667 Authorization bypass through user-controlled key in IBM InfoSphere Information Server - CVE-2024-31898

Cybersecurity Help s.r.o.

Published: 2024-07-23

Vulnerability identifier: #VU94667

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-31898

CWE-ID: CWE-639

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM InfoSphere Information Server
Server applications / Database software

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to gain access to bypass authentication process or modify data on the system.

The vulnerability exists due to insecure direct object references. An authenticated user can exploit this vulnerability to read or modify sensitive information by bypassing authentication using insecure direct object references.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM InfoSphere Information Server: before 11.7.1

External links
https://www.ibm.com/support/pages/node/7158425
https://exchange.xforce.ibmcloud.com/vulnerabilities/288182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Authorization bypass through user-controlled key in IBM InfoSphere Information Server