CVE-2024-43176

IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7174640	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

20 Jun 2025, 17:54

Type	Values Removed	Values Added
References	~~() https://www.ibm.com/support/pages/node/7174640 -~~	() https://www.ibm.com/support/pages/node/7174640 - Vendor Advisory
CPE		cpe:2.3:a:ibm:openpages_with_watson:9.0:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Summary		(es) IBM OpenPages 9.0 podría permitir que un usuario autenticado obtenga información confidencial, como configuraciones que solo deberían estar disponibles para usuarios privilegiados.
First Time		Microsoft Linux Ibm Microsoft windows Ibm openpages With Watson Linux linux Kernel

09 Jan 2025, 15:15

Type	Values Removed	Values Added
CWE		CWE-276

09 Jan 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-09 14:15

Updated : 2025-06-20 17:54

NVD link : CVE-2024-43176

Mitre link : CVE-2024-43176

CVE.ORG link : CVE-2024-43176

JSON object : View

Products Affected

ibm

openpages_with_watson

microsoft

windows

linux

linux_kernel

CWE

CWE-282

Improper Ownership Management

CWE-276

Incorrect Default Permissions

{"id": "CVE-2024-43176", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-01-09T14:15:26.770", "references": [{"url": "https://www.ibm.com/support/pages/node/7174640", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-282"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users."}, {"lang": "es", "value": "IBM OpenPages 9.0 podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n confidencial, como configuraciones que solo deber\u00edan estar disponibles para usuarios privilegiados."}], "lastModified": "2025-06-20T17:54:19.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D23BA22-4275-4B58-9EB2-DF590B38E31D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}