CVE-2024-49798

{"id": "CVE-2024-49798", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-02-06T00:15:27.473", "references": [{"url": "https://www.ibm.com/support/pages/node/7182522", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."}, {"lang": "es", "value": "IBM ApplinX 11.1 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda utilizarse en futuros ataques contra el sistema."}], "lastModified": "2025-02-12T19:19:30.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:applinx:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7116F100-D485-4B66-A910-9A4663360A0F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}