8.8

CVE-2023-40683

EPSS 0.02%
Published 19.01.2024 01:15:08
Last modified 21.11.2024 08:19:57
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application.  IBM X-Force ID:  264005.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Openpages With Watson Version >= 8.3 < 8.3.0.2.7

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Openpages With Watson Version9.0

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://exchange.xforce.ibmcloud.com/vulnerabilities/264005

Vendor Advisory

VDB Entry

https://www.ibm.com/support/pages/node/7107774

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-40683

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40683

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40683

EUVD