IBM TXSeries for Multiplatforms 10.1 HTTP GET Query String Information Disclosure Vulnerability
CVE-2024-41738 Published on November 1, 2024
IBM TXSeries for Multiplatforms information disclosure
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Vulnerability Analysis
CVE-2024-41738 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that requests. The query string can be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.
Products Associated with CVE-2024-41738
Want to know whenever a new CVE is published for IBM Txseries For Multiplatforms? stack.watch will email you.
Affected Versions
IBM TXSeries for Multiplatforms Version 10.1 is affected by CVE-2024-41738Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.