Cyber Posture

CVE-2024-38327

Medium

Published: 10 July 2025

Modified: 23 July 2025
KEV Added:
Patch:
CVSS Score: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (40.6th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-38327 is a medium-severity Inclusion of Sensitive Information in Source Code (CWE-540) vulnerability in IBM Analytics Content Hub. Its CVSS base score is 6.8 (Medium).

Operationally, it is ranked at the 40.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense Details

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-540

Detection and removal of spilled information addresses cases where sensitive data was included in source code.

addresses: CWE-540

Screening helps prevent intentional insertion of sensitive information into source code by untrusted developers.

addresses: CWE-540

Prevents inclusion of sensitive information in source code and development artifacts through SDLC-wide OPSEC controls.

NVD Description

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.

Deeper analysis (AI)

IBM Analytics Content Hub versions 2.0, 2.1, 2.2, and 2.3 are affected by CVE-2024-38327, a vulnerability involving information exposure through an exposed JavaScript source map. This exposure allows potential attackers to read and debug the JavaScript code used in the application's API, facilitating further attacks. The issue is classified under CWE-540 and has a CVSS v3.1 base score of 6.8 (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H), indicating medium severity with high impacts on confidentiality, integrity, and availability.

Exploitation requires network access, low attack complexity, high privileges (PR:H), and user interaction (UI:R). A privileged user, such as an authenticated administrator or similar role, could be targeted to access the exposed source map, enabling them to analyze and reverse-engineer the API's JavaScript logic. Successful exploitation could lead to significant information disclosure and subsequent attacks, potentially compromising the confidentiality, integrity, and availability of the application.

IBM has published an advisory detailing the vulnerability at https://www.ibm.com/support/pages/node/7234122, which security practitioners should consult for specific mitigation steps, such as applying patches or configuration changes to prevent source map exposure.
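
A release-gate check for the kind of exposure described above, as an added example (not IBM's code and not taken from the advisory): it audits deployable build output for shipped source maps and `sourceMappingURL` references. The function name, file names and sample contents are constructed, and the caller is assumed to have read the build directory into a path-to-text object.

```javascript
// Added example: release-gate audit for shipped source maps (CWE-540).
// `files` maps deployable file paths to their text content (assumed input shape).
const MAP_REF = /\/[\/*][#@]\s*sourceMappingURL=(\S+?)\s*(?:\*\/)?\s*$/m;

function auditArtifacts(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      let map;
      try {
        map = JSON.parse(text) || {};
      } catch (err) {
        findings.push({ path, issue: 'unparseable-map' });
        continue;
      }
      // sourcesContent carries the original, unminified source verbatim.
      const embedded = Array.isArray(map.sourcesContent) &&
        map.sourcesContent.some((s) => typeof s === 'string' && s.length > 0);
      findings.push({
        path,
        issue: embedded ? 'map-with-embedded-sources' : 'map-file-shipped',
        sources: Array.isArray(map.sources) ? map.sources.length : 0,
      });
    } else if (/\.(js|mjs|css)$/.test(path)) {
      const m = MAP_REF.exec(text);
      if (!m) continue;
      const inline = m[1].startsWith('data:');
      findings.push({
        path,
        issue: inline ? 'inline-map' : 'map-reference',
        target: inline ? 'data: URI' : m[1],
      });
    }
  }
  return findings;
}

// Constructed sample of a production bundle directory.
const sampleBuild = {
  'dist/api.min.js': 'function a(){return 1}\n//# sourceMappingURL=api.min.js.map\n',
  'dist/api.min.js.map': JSON.stringify({
    version: 3, sources: ['src/api.js'],
    sourcesContent: ['export function a() { return 1; }'], mappings: 'AAAA',
  }),
  'dist/vendor.min.js': 'function v(){}\n',
  'dist/site.css': 'body{margin:0}\n/*# sourceMappingURL=site.css.map */\n',
};

for (const f of auditArtifacts(sampleBuild)) console.log(JSON.stringify(f));
```

A non-empty result should fail the release job; maps that are still needed for debugging can be kept in a restricted artifact store rather than in the web root.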

Details

CWE(s)

Affected Products

ibm
analytics content hub
2.0 — 2.4

CVEs Like This One

CVE-2024-39750 (same product: IBM Analytics Content Hub)
CVE-2024-39752 (same product: IBM Analytics Content Hub)
CVE-2024-56340 (same vendor: IBM)
CVE-2024-43187 (same vendor: IBM)
CVE-2025-0162 (same vendor: IBM)
CVE-2024-28766 (same vendor: IBM)
CVE-2025-14480 (same vendor: IBM)
CVE-2024-25034 (same vendor: IBM)
CVE-2024-49352 (same vendor: IBM)
CVE-2025-3320 (same vendor: IBM)
