CVE-2024-52890
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-08-14
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | engineering_lifecycle_optimization | 7.0.2 |
| ibm | engineering_lifecycle_optimization | 7.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-84 | The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Apply the fixes provided by IBM: iFix016 for version 7.0.3 and iFix035 for version 7.0.2. No other workarounds or mitigations are provided, so updating to the fixed versions is the recommended immediate step to mitigate this vulnerability. [1]
Can you explain this vulnerability to me?
CVE-2024-52890 is a cross-site scripting (XSS) vulnerability in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. It occurs because the software does not properly validate URIs, allowing attackers to inject malicious scripts. This improper validation is classified under CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to perform cross-site scripting attacks, potentially compromising the confidentiality and integrity of the system. An attacker could exploit the lack of URI validation to execute malicious scripts, which may lead to unauthorized access or manipulation of data. The CVSS score indicates a low impact on confidentiality and integrity, no impact on availability, and requires user interaction. [1]