PT-2024-24280 · Ibm · Ibm Openbmc
Published
2024-06-27
·
Updated
2024-08-06
·
CVE-2024-31916
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM OpenBMC versions FW1050.00 through FW1050.10
Description
The BMCWeb HTTPS server component in IBM OpenBMC could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels.
Recommendations
For versions FW1050.00 through FW1050.10, update to a version that fixes this issue to prevent unauthorized access to sensitive URI content.
Fix
Missing Authentication
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ibm Openbmc