CVE-2024-38327

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7234122	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:analytics_content_hub:*:*:*:*:*:*:*:*

History

23 Jul 2025, 19:04

Type	Values Removed	Values Added
First Time		Ibm Ibm analytics Content Hub
CPE		cpe:2.3:a:ibm:analytics_content_hub::::::::
References	~~() https://www.ibm.com/support/pages/node/7234122 -~~	() https://www.ibm.com/support/pages/node/7234122 - Vendor Advisory
CWE		NVD-CWE-noinfo

15 Jul 2025, 13:24

Type	Values Removed	Values Added
Summary		(es) IBM Analytics Content Hub 2.0, 2.1, 2.2 y 2.3 es vulnerable a la exposición de información y a otros ataques debido a un mapa de origen de JavaScript expuesto que podría ayudar a un atacante a leer y depurar JavaScript utilizado en la API de la aplicación.

10 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 15:15

Updated : 2025-07-23 19:04

NVD link : CVE-2024-38327

Mitre link : CVE-2024-38327

CVE.ORG link : CVE-2024-38327

JSON object : View

Products Affected

ibm

analytics_content_hub

CWE

CWE-540

Inclusion of Sensitive Information in Source Code

NVD-CWE-noinfo

{"id": "CVE-2024-38327", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-10T15:15:25.833", "references": [{"url": "https://www.ibm.com/support/pages/node/7234122", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-540"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API."}, {"lang": "es", "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2 y 2.3 es vulnerable a la exposici\u00f3n de informaci\u00f3n y a otros ataques debido a un mapa de origen de JavaScript expuesto que podr\u00eda ayudar a un atacante a leer y depurar JavaScript utilizado en la API de la aplicaci\u00f3n."}], "lastModified": "2025-07-23T19:04:06.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:analytics_content_hub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A76CDE13-C1D2-45A6-BEBB-30FD2C1EF4FA", "versionEndExcluding": "2.4", "versionStartIncluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}