{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38327", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-06-13T21:43:59.170Z", "datePublished": "2025-07-10T14:14:40.562Z", "dateUpdated": "2025-08-18T01:35:53.589Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:analytics_content_hub:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:analytics_content_hub:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:analytics_content_hub:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:analytics_content_hub:2.3:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Analytics Content Hub", "vendor": "IBM", "versions": [{"status": "affected", "version": "2.0, 2.1, 2.2, 2.3"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API."}], "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-540", "description": "CWE-540 Inclusion of Sensitive Information in Source Code", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-18T01:35:53.589Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7234122"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Analytics Content Hub 2.0 - 2.3 - Download IBM Cognos Analytics Content Hub 2.4<br>"}], "value": "IBM Analytics Content Hub 2.0 - 2.3 - Download IBM Cognos Analytics Content Hub 2.4"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Analytics Content Hub information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-10T20:15:33.856479Z", "id": "CVE-2024-38327", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-10T20:15:42.916Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38327", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-10T20:15:33.856479Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-10T20:15:39.306Z"}}], "cna": {"title": "IBM Analytics Content Hub information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:analytics_content_hub:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:analytics_content_hub:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:analytics_content_hub:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:analytics_content_hub:2.3:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Analytics Content Hub", "versions": [{"status": "affected", "version": "2.0, 2.1, 2.2, 2.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM Analytics Content Hub 2.0 - 2.3 - Download IBM Cognos Analytics Content Hub 2.4", "supportingMedia": [{"type": "text/html", "value": "IBM Analytics Content Hub 2.0 - 2.3 - Download IBM Cognos Analytics Content Hub 2.4<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7234122", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.", "supportingMedia": [{"type": "text/html", "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-540", "description": "CWE-540 Inclusion of Sensitive Information in Source Code"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-18T01:35:53.589Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38327", "state": "PUBLISHED", "dateUpdated": "2025-08-18T01:35:53.589Z", "dateReserved": "2024-06-13T21:43:59.170Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-07-10T14:14:40.562Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:analytics_content_hub:*:*:*:*:*:*:*:*", "matchCriteriaId": "A76CDE13-C1D2-45A6-BEBB-30FD2C1EF4FA", "versionEndExcluding": "2.4", "versionStartIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API."}, {"lang": "es", "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2 y 2.3 es vulnerable a la exposici\u00f3n de informaci\u00f3n y a otros ataques debido a un mapa de origen de JavaScript expuesto que podr\u00eda ayudar a un atacante a leer y depurar JavaScript utilizado en la API de la aplicaci\u00f3n."}], "id": "CVE-2024-38327", "lastModified": "2025-07-23T19:04:06.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-10T15:15:25.833", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7234122"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-540"}], "source": "psirt@us.ibm.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}