CVE-2024-41773

IBM Global Configuration Management incorrect ownership assignment

CVSS 6.5 MEDIUMEPSS 0.3%CWE-708

In short

IBM Global Configuration Management has a flaw where authenticated users can archive global baselines they shouldn't have permission to access. This allows unauthorized modification of important configuration settings that should be protected.

Technical detail

CWE-708 involves improper enforcement of message integrity. An authenticated attacker can exploit insufficient access controls to archive global baselines in affected versions (7.0.2 and 7.0.3), potentially disrupting configuration management and affecting system availability.

Summary generated and translated by AI from the official description.

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

IBM · Global Configuration Management

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/350347 https://www.ibm.com/support/pages/node/7165963