CVE-2024-40684

MEDIUM
Published May 27, 2026 Modified May 27, 2026 CWE-521

Description

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

CVSS v3.1 Score

5.9
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

CWE-521 CWE-521

References

Frequently Asked Questions

What is CVE-2024-40684? +
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. It has a CVSS v3.1 base score of 5.9 (MEDIUM).
How severe is CVE-2024-40684? +
CVE-2024-40684 has a CVSS v3.1 score of 5.9 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
How do I check if I'm vulnerable to CVE-2024-40684? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-34058

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After …
CVE-2025-9964

No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console …
CVE-2025-67513

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through …
CVE-2023-49238 9.8

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain …
CVE-2025-27663 9.8

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.
CVE-2025-25211 9.8

Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-40684 — free, no signup required.

Start Free Scan