CVE•Published 2026-05-27•Modified 2026-06-05•0 articles on news•6 live references•NVD data

CVE-2024-40684Ibm · Operations_analytics_log_analysis

Vulnerability data via NVD (ingested)

CVSS v3.1

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS percentile

11

Exploit Prediction Scoring System · top 89% of all CVEs

Weaknesses (CWE)

CWE-521Weak Password Requirements

Description

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Timeline

Published 2026-05-27

Modified 2026-06-05

External references

NVD MITRE Exploit-DB GitHub PoC Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2024-40684

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product + version

product:"Ibm Operations Analytics Log Analysis" version:"1.3.5.0"

Version-pinned fingerprint from NVD's first vulnerable CPE.

Shodan · banner/body mention

http.html:"Operations Analytics Log Analysis"

HTTP body or banner mentions "Operations Analytics Log Analysis" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

vuln:CVE-2024-40684

Country / ASN / product breakdown for the vuln query.

vulnerabilities.cve_id: CVE-2024-40684

Censys host search filtered to this CVE id.

CVE-2024-40684

Public source-code mentions — fast PoC discovery.

CVE-2024-40684

GitHub code search for direct mentions.

"CVE-2024-40684" exploit -site:nvd.nist.gov

Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2024-406848 repos

Mr-xn/Penetration_Testing_POCHTML

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypas…

★ 7,376·updated today

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\S…

★ 5,291·updated 1y ago

Threekiii/Awesome-POCJava

一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.

★ 5,023·updated 4w ago

0xMarcio/cvePython

Latest CVEs with their Proof of Concept exploits.

★ 1,303·updated today

GhostTroops/TOPShell

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

★ 730·updated today

Ostorlab/KEVunknown

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

★ 612·updated 2mo ago

tijldeneut/SecurityPython

General Security Scripts

★ 150·updated 2mo ago

J1ezds/Vulnerability-Wiki-pageHTML

这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目

★ 13·updated 4w ago

We haven't classified any articles referencing CVE-2024-40684 yet. The external references above still apply.