nvd-json-data-feeds/CVE-2024/CVE-2024-287xx/CVE-2024-28778.json

{
  "id": "CVE-2024-28778",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2025-01-07T16:15:33.113",
  "lastModified": "2025-01-07T16:15:33.113",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization."
    },
    {
      "lang": "es",
      "value": "IBM Cognos Controller 11.0.0 a 11.0.1 e IBM Controller 11.1.0 son vulnerables a la exposici\u00f3n de claves API de Artifactory. Esta vulnerabilidad permite a los usuarios publicar c\u00f3digo en paquetes o repositorios privados bajo el nombre de la organizaci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@us.ibm.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@us.ibm.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.ibm.com/support/pages/node/7179163",
      "source": "psirt@us.ibm.com"
    }
  ]
}