CVE-2024-39752

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7234122	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:analytics_content_hub:*:*:*:*:*:*:*:*

History

23 Jul 2025, 19:05

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:analytics_content_hub::::::::
First Time		Ibm analytics Content Hub Ibm
References	~~() https://www.ibm.com/support/pages/node/7234122 -~~	() https://www.ibm.com/support/pages/node/7234122 - Vendor Advisory

15 Jul 2025, 13:24

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 15:15

Updated : 2025-07-23 19:05

NVD link : CVE-2024-39752

Mitre link : CVE-2024-39752

CVE.ORG link : CVE-2024-39752

JSON object : View

Products Affected

ibm

analytics_content_hub

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-39752", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-10T15:15:26.000", "references": [{"url": "https://www.ibm.com/support/pages/node/7234122", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."}, {"lang": "es", "value": "IBM Analytics Content Hub 2.0, 2.1, 2.2 y 2.3 podr\u00eda ser vulnerable a la carga de archivos maliciosos al no validar el tipo de archivo cargado en Explore Content. Los atacantes pueden aprovechar esta vulnerabilidad y cargar archivos ejecutables maliciosos en el sistema, que pueden enviarse a la v\u00edctima para realizar nuevos ataques."}], "lastModified": "2025-07-23T19:05:00.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:analytics_content_hub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A76CDE13-C1D2-45A6-BEBB-30FD2C1EF4FA", "versionEndExcluding": "2.4", "versionStartIncluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}