CVE-2024-39725

MEDIUM

IBM Engineering Lifecycle Optimizatio... - Error Information Exposure

Title source: rule
STIX 2.1

Description

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

References (1)

Scores

CVSS v3 5.3
EPSS 0.0006
EPSS Percentile 20.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-209
Status published
Products (2)
ibm/engineering_lifecycle_optimization_-_engineering_insights 7.0.2
ibm/engineering_lifecycle_optimization_-_engineering_insights 7.0.3
Published Dec 25, 2024
Tracked Since Feb 18, 2026