January 22, 2025
Severity
Low
Analysis Summary
CVE-2024-55897 CVSS:1.4
IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the Secure attribute on authorization tokens or session cookies. An attacker can induce the victim's browser to send the cookie over plaintext HTTP by sending the user an http:// link to the application, or by planting such a link on a site the user visits; the cookie is then transmitted in the clear and can be captured by anyone able to observe the traffic.
CVE-2024-55896 CVSS:2.7
IBM PowerHA SystemMirror for i 7.4 and 7.5 does not restrict how its content may be rendered inside iFrames on other origins (a clickjacking-style weakness). An attacker who embeds the application in a page under their control could trick an authenticated user into performing unauthorized actions on the system.
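The two PowerHA findings above are both visible in a single HTTP response: the Set-Cookie headers show whether Secure (and HttpOnly) is set, and the presence of X-Frame-Options or a CSP frame-ancestors directive shows whether the page can be framed. The following audit script is an added example written for this advisory, not IBM code; the two sample responses are constructed, and the cookie names and header values in them are assumptions.

```python
"""Audit a raw HTTP response for missing cookie flags and missing anti-framing headers.

Added example, not IBM code. It checks every Set-Cookie header for the Secure and
HttpOnly attributes (CVE-2024-55897 class) and checks that the response forbids
framing via X-Frame-Options or CSP frame-ancestors (CVE-2024-55896 class).
Both sample responses below are constructed for this example.
"""
from typing import List, Tuple

Header = Tuple[str, str]


def parse_headers(raw_response: str) -> List[Header]:
    """Split a raw HTTP/1.1 response head into lower-cased (name, value) pairs.

    Duplicate Set-Cookie lines are kept as separate entries; folding them with
    commas would corrupt cookies whose Expires attribute contains a comma.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers: List[Header] = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_cookies(headers: List[Header]) -> List[str]:
    """Flag cookies a browser would send over plain http:// or expose to page script."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks Secure: sent over http:// links")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks HttpOnly: readable by page script")
    return findings


def audit_framing(headers: List[Header]) -> List[str]:
    """Flag responses that an arbitrary origin may embed in an iframe."""
    xfo = [v.strip().upper() for n, v in headers if n == "x-frame-options"]
    ancestors = None
    for n, policy in headers:
        if n != "content-security-policy":
            continue
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                ancestors = tokens[1:]
    findings = []
    # Browsers ignore X-Frame-Options when a frame-ancestors directive is present,
    # so CSP is evaluated first and X-Frame-Options only as the fallback.
    if ancestors is not None:
        if "*" in ancestors:
            findings.append("CSP frame-ancestors allows any origin ('*')")
    elif xfo:
        if xfo[0] not in ("DENY", "SAMEORIGIN"):
            findings.append(f"X-Frame-Options value {xfo[0]!r} is not DENY or SAMEORIGIN")
    else:
        findings.append("no frame-ancestors or X-Frame-Options: page can be framed by any site")
    return findings


def audit_response(raw_response: str) -> List[str]:
    headers = parse_headers(raw_response)
    return audit_cookies(headers) + audit_framing(headers)


# Constructed sample: session cookie without Secure/HttpOnly, no anti-framing header.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: authz=tok; Path=/; HttpOnly\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample: the same response with the flags and headers a fix should add.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for label, raw in (("vulnerable", VULNERABLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw) or ["clean"])
```

Against the constructed vulnerable response the audit reports four findings (both cookies lack Secure, the session cookie also lacks HttpOnly, and nothing prevents framing); against the hardened one it reports none. To use it on a live system, capture the login response with a proxy or `curl -i` and feed the raw text to `audit_response`.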
CVE-2024-52901 CVSS:3.6
IBM InfoSphere Information Server 11.7 could allow an authenticated user to cause the GUI to fail to load or to stop working, due to improper input validation.
CVE-2024-52898 CVSS:3.6
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.
CVE-2024-52897 CVSS:3.6
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
CVE-2024-52896 CVSS:3.6
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
CVE-2024-52893 CVSS:1.4
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2024-52891 CVSS:2.5
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.
CVE-2024-52367 CVSS:1.4
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.
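The improper log neutralization issue listed above (CVE-2024-52891) is the classic log injection pattern: a user-controlled value is written into a log line verbatim, so a value containing a line break forges an extra record that a SIEM or an analyst will read as genuine. The following script is an added example written for this advisory, not IBM code; the log format, the timestamp and the attacker-supplied username are constructed for the example.

```python
"""Log injection (improper log neutralization) beside its fix.

Added example, not IBM code. A login audit line that embeds an attacker-controlled
username unescaped lets a username containing a newline forge a second record; the
neutralized version escapes every control and line-terminating character first.
The log format, timestamp and attacker username are constructed for this example.
"""
import re
from typing import Dict, List

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<level>\w+) "
    r"login result=(?P<result>\w+) user=(?P<user>.*)$"
)
TS = "2025-01-22 10:00:00"  # fixed timestamp so the output is reproducible

# Constructed attacker-supplied username: a newline followed by a forged successful admin login.
ATTACKER_USERNAME = "alice\n2025-01-22 10:00:01 INFO login result=SUCCESS user=admin"

# str.splitlines() and many log shippers break records on these too, not only on \r and \n,
# so stripping just CR/LF is not enough.
UNSAFE_CHARS = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")


def neutralize(value: str) -> str:
    """Escape control and line-terminating characters so a field can never start a new record."""
    def esc(m):
        cp = ord(m.group())
        return f"\\x{cp:02x}" if cp < 0x100 else f"\\u{cp:04x}"
    return UNSAFE_CHARS.sub(esc, value)


def record_login_unsafe(user: str, result: str) -> str:
    """Vulnerable: the user-controlled field is written verbatim (CWE-117 pattern)."""
    return f"{TS} INFO login result={result} user={user}"


def record_login_safe(user: str, result: str) -> str:
    """Fixed: the same line with the untrusted field neutralized before formatting."""
    return f"{TS} INFO login result={result} user={neutralize(user)}"


def parse_records(log_text: str) -> List[Dict[str, str]]:
    """Parse log text the way a SIEM does: one record per line that matches the format."""
    records = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


if __name__ == "__main__":
    for writer in (record_login_unsafe, record_login_safe):
        text = writer(ATTACKER_USERNAME, "FAILURE")
        print(writer.__name__, parse_records(text))
```

With the unsafe writer the single failed login for "alice" parses as two records, the second a successful login for "admin" that never happened; with the safe writer it parses as one FAILURE record whose user field visibly contains the escaped newline and the forged text. Escaping rather than silently dropping the characters keeps the injection attempt itself in the log as evidence.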
Impact
- Gain Access
- Information Disclosure
Indicators of Compromise
CVE
CVE-2024-55897
CVE-2024-55896
CVE-2024-52901
CVE-2024-52898
CVE-2024-52897
CVE-2024-52896
CVE-2024-52893
CVE-2024-52891
CVE-2024-52367
Affected Vendors
- IBM
Affected Products
- IBM PowerHA SystemMirror for i 7.4
- IBM PowerHA SystemMirror for i 7.5
- IBM InfoSphere Information Server 11.7
- IBM MQ 9.2 LTS
- IBM MQ 9.3 LTS
- IBM MQ 9.3 CD
- IBM MQ 9.4 LTS
- IBM MQ 9.4 CD
- IBM Concert Software 1.0.0
- IBM Concert Software 1.0.1
- IBM Concert Software 1.0.2
- IBM Concert Software 1.0.2.1
- IBM Concert Software 1.0.3
Remediation
Refer to the IBM Security Bulletin for each affected product for patch, upgrade, or suggested workaround information.