IBM OpenPages 8.3/9.0 sensitive information in source

Summaryinfo

A vulnerability classified as problematic was found in IBM OpenPages 8.3/9.0. The impacted element is an unknown function. Executing a manipulation can lead to sensitive information in source. This vulnerability is handled as CVE-2024-27257. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as problematic was found in IBM OpenPages 8.3/9.0. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a sensitive information in source vulnerability. The CWE definition for the vulnerability is CWE-540. Source code on a web server or repository often contains sensitive information and should generally not be accessible to users. As an impact it is known to affect confidentiality. CVE summarizes:

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users.

The advisory is shared for download at ibm.com. This vulnerability was named CVE-2024-27257 since 02/22/2024. The exploitation appears to be easy. The attack can be initiated remotely. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Upgrading eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• IBM

Name

• OpenPages

Version

• 8.3
• 9.0

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion