CVE-2024-31916— IBM OpenBMC information disclosure

CVSS 7.5 · High EPSS 0.03% · P8 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-31916

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

IBM OpenBMC information disclosure

Source: NVD (National Vulnerability Database)

Vulnerability Description

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用候选路径或通道进行的认证绕过

Source: NVD (National Vulnerability Database)

Vulnerability Title

IBM OpenBMC 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM OpenBMC是美国国际商业机器（IBM）公司的一个 Linux 发行版，用于管理服务器、架顶式交换机或 RAID 设备等设备的控制器。 IBM OpenBMC FW1050.00 至 FW1050.10 版本存在安全漏洞，该漏洞源于 BMCWeb HTTPS 服务器组件可能会向绕过身份验证渠道的未经授权的行为者泄露敏感 URI 内容。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
IBM	OpenBMC	FW1050.00 ~ FW1050.10	-

II. Public POCs for CVE-2024-31916

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-31916

请登录查看更多情报信息。

Same Patch Batch · IBM · 2024-06-27 · 11 CVEs total

CVE-2023-30997	7.8 HIGH	IBM Security Access Manager Docker privilege escalation
CVE-2023-30998	7.8 HIGH	IBM Security Access Manager Docker privilege escalation
CVE-2023-38370	7.5 HIGH	IBM Security Access Manager Docker information disclosure
CVE-2023-38371	5.9 MEDIUM	IBM Security Access Manager Docker information disclosure
CVE-2023-38368	5.5 MEDIUM	IBM Security Access Manager Docker information disclosure
CVE-2023-30430	5.5 MEDIUM	IBM Security Verify Access information disclosure
CVE-2023-42014	5.4 MEDIUM	IBM Sterling B2B Integrator Standard Edition cross-site scripting
CVE-2024-31883	5.3 MEDIUM	IBM Security Verify Access denial of service
CVE-2024-35153	4.8 MEDIUM	IBM WebSphere Application Server cross-site scripting
CVE-2023-42011	4.3 MEDIUM	IBM Sterling B2B Integrator Standard Edition tapjacking

IV. Related Vulnerabilities

Same product: OpenBMC

Same vendor: IBM

Same weakness: CWE-288

V. Comments for CVE-2024-31916

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-31916— IBM OpenBMC information disclosure

I. Basic Information for CVE-2024-31916

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-31916

III. Intelligence Information for CVE-2024-31916

Same Patch Batch · IBM · 2024-06-27 · 11 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-31916

Leave a comment