CVE-2024-39727
IBM Engineering Lifecycle Optimization - Engineering Insights tabnabbing
In short
IBM Engineering Lifecycle Optimization - Engineering Insights contains links that can be manipulated to redirect users to malicious websites without proper validation. An attacker can trick users into visiting a fake site that steals their information or performs unwanted actions in their browser.
Technical detail
The application uses unvalidated external links (tabnabbing vulnerability) that allow a remote attacker to redirect users to untrusted domains. This can lead to session hijacking, credential theft, or execution of unauthorized actions in the victim's authenticated context.
Summary generated and translated by AI from the official description.
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
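An added example, not taken from IBM's advisory or the product's code: a minimal audit for the link pattern behind tabnabbing, listing cross-origin links that open a new browsing context without `rel="noopener"` or `rel="noreferrer"`. The host names, the sample markup and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SEVERS_OPENER = {"noopener", "noreferrer"}  # rel tokens that null window.opener
SAME_CONTEXT = {"", "_self", "_parent", "_top"}  # targets that open no new window

def origin(url):
    """Return (scheme, host, port) for http(s) URLs, else None."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    if scheme not in DEFAULT_PORTS or not p.hostname:
        return None
    return scheme, p.hostname.lower(), p.port or DEFAULT_PORTS[scheme]

class OpenerLinkAuditor(HTMLParser):
    """Collect cross-origin <a>/<area> links that open a new context with window.opener."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        attr = {k: (v or "") for k, v in attrs}
        if attr.get("target", "").strip().lower() in SAME_CONTEXT:
            return
        # Named targets and older browsers keep window.opener unless rel opts out.
        if SEVERS_OPENER & set(attr.get("rel", "").lower().split()):
            return
        dest = origin(urljoin(self.page_url, attr.get("href", "").strip()))
        if dest is not None and dest != origin(self.page_url):
            self.findings.append((self.getpos()[0], attr["href"].strip()))

def audit(html, page_url):
    """Return [(line, href)] for links that should carry rel="noopener"."""
    auditor = OpenerLinkAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample markup and host names, for illustration only.
SAMPLE = """<a href="/reports/7" target="_blank">internal report</a>
<a href="https://vendor.example/help" target="_blank">vendor help</a>
<a href="https://vendor.example/docs" target="_blank" rel="noopener noreferrer">docs</a>
<a href="https://partner.example/feed" target="feedwin" rel="nofollow">feed</a>
<a href="https://vendor.example/blog">same tab</a>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "https://insights.example/dashboard"))
```

The check covers static markup only; windows opened from script with `window.open()` need a separate review.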
Affected products
IBM · Engineering Insights