8.8

CVE-2023-40683

EPSS 0.02%
Veröffentlicht 19.01.2024 01:15:08
Zuletzt bearbeitet 21.11.2024 08:19:57
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application.  IBM X-Force ID:  264005.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Openpages With Watson Version >= 8.3 < 8.3.0.2.7

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Ibm ≫ Openpages With Watson Version9.0

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://exchange.xforce.ibmcloud.com/vulnerabilities/264005

Vendor Advisory

VDB Entry

https://www.ibm.com/support/pages/node/7107774

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-40683

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40683

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40683

EUVD