{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-38327","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2024-06-13T21:43:59.170Z","datePublished":"2025-07-10T14:14:40.562Z","dateUpdated":"2025-08-18T01:35:53.589Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:analytics_content_hub:2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:analytics_content_hub:2.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:analytics_content_hub:2.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:analytics_content_hub:2.3:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Analytics Content Hub","vendor":"IBM","versions":[{"status":"affected","version":"2.0, 2.1, 2.2, 2.3"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API."}],"value":"IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-540","description":"CWE-540 Inclusion of Sensitive Information in Source Code","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-18T01:35:53.589Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7234122"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Analytics Content Hub  2.0 - 2.3 - Download IBM Cognos Analytics Content Hub 2.4<br>"}],"value":"IBM Analytics Content Hub  2.0 - 2.3 - Download IBM Cognos Analytics Content Hub 2.4"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Analytics Content Hub information disclosure","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-10T20:15:33.856479Z","id":"CVE-2024-38327","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-10T20:15:42.916Z"}}]}}