How severe is CVE-2024-31905?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-31905?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2024-31905

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-311

View all →

Vulnerability Description

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858.

CVE-2016-10597

MEDIUM

CVSS:5.9(Medium)

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10613

MEDIUM

CVSS:5.9(Medium)

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10630

MEDIUM

CVSS:5.9(Medium)

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2017-16041

MEDIUM

CVSS:5.9(Medium)

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112017

CVE-2017-6297

MEDIUM

CVSS:5.9(Medium)

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain ...

CWE-3112017

CVE-2017-9045

MEDIUM

CVSS:5.9(Medium)

The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof F...

CWE-3112017

CVE-2024-31905

Vulnerability Description

Related Vulnerabilities

CVE-2016-10597

CVE-2016-10613

CVE-2016-10630

CVE-2017-16041

CVE-2017-6297

CVE-2017-9045