CVE-2024-56477: IBM Power Hardware Management Console directory traversal

6.5 CVSS

Description

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Classification

CVE ID: CVE-2024-56477

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor: IBM

Product: Power Hardware Management Console

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 21.92% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-15 (date this score was calculated)

References

https://www.ibm.com/support/pages/node/7183224

Timeline