7.5
CVE-2023-38372
- EPSS 0.08%
- Veröffentlicht 29.02.2024 01:40:10
- Zuletzt bearbeitet 14.02.2025 15:52:09
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Watson IoT Platform information disclosure
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Watson Iot Platform Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.233 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.