Cyber Posture

CVE-2024-41763

Medium

Published: 04 January 2025

Modified: 21 March 2025
KEV Added
Patch
CVSS Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0005 (14.6th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-41763 is a medium-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in IBM Engineering Lifecycle Optimization - Publishing. Its CVSS base score is 5.9 (Medium).

Operationally, it is ranked at the 14.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-28 (Protection of Information at Rest).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires implementation of cryptographic protections using compliant modules, protocols, and standards, preventing use of weaker-than-expected algorithms as in this CVE.

prevent

Mandates cryptographic mechanisms to protect confidentiality of sensitive information at rest, directly mitigating decryption risks from weak algorithms protecting such data.

prevent

Protects confidentiality of transmitted sensitive information using cryptographic mechanisms, addressing network-based decryption attacks enabled by weak algorithms.

NVD Description

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Deeper analysis (AI)

CVE-2024-41763 is a cryptographic weakness in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3, where weaker than expected cryptographic algorithms are used. This flaw, published on 2025-01-04, is categorized under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity primarily due to high confidentiality impact.

An unauthenticated attacker (PR:N) with network access (AV:N) could potentially exploit this vulnerability to decrypt highly sensitive information. The attack requires high complexity (AC:H) and no user interaction (UI:N), with no impact on integrity or availability, but successful exploitation would grant high-level access to confidential data (C:H) in an unchanged scope (S:U).

IBM provides details on the vulnerability, including mitigation and patch information, in their security advisory at https://www.ibm.com/support/pages/node/7180204.

Details

CWE(s)

Affected Products

Vendor: ibm
Product: engineering lifecycle optimization publishing
Versions: 7.0.2, 7.0.3

CVEs Like This One

CVE-2025-13916 (Same product: Linux Linux Kernel)
CVE-2024-41766 (Same product: Ibm Engineering Lifecycle Optimization Publishing)
CVE-2024-41767 (Same product: Ibm Engineering Lifecycle Optimization Publishing)
CVE-2024-49779 (Same product: Linux Linux Kernel)
CVE-2024-43178 (Same product: Linux Linux Kernel)
CVE-2024-49781 (Same product: Linux Linux Kernel)
CVE-2024-45643 (Same product: Linux Linux Kernel)
CVE-2024-49782 (Same product: Linux Linux Kernel)
CVE-2024-54171 (Same product: Linux Linux Kernel)
CVE-2025-36258 (Same product: Linux Linux Kernel)
