Severity
Medium
Analysis Summary
CVE-2024-39752 CVSS:6.8
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload because the type of file uploaded to Explore Content is not validated. An attacker can exploit this weakness to upload malicious executable files to the system, which can then be sent to a victim to perform further attacks.
CVE-2024-38327 CVSS:6.8
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 are vulnerable to information exposure and further attacks due to an exposed JavaScript source map, which could help an attacker read and debug the JavaScript used in the application's API.
CVE-2025-36090 CVSS:4.3
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework from a detailed technical error message. This information could be used in reconnaissance for future attacks.
CVE-2024-37524 CVSS:5.3
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
Impact
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2024-39752
CVE-2024-38327
CVE-2025-36090
CVE-2024-37524
Affected Vendors
- IBM
Affected Products
- IBM Analytics Content Hub 2.0
- IBM Analytics Content Hub 2.1
- IBM Analytics Content Hub 2.2
- IBM Analytics Content Hub 2.3
Remediation
Refer to the IBM website for patch, upgrade, or suggested workaround information.