7.5
CVE-2023-46186
- EPSS 0.09%
- Published 14.02.2024 15:15:08
- Last modified 21.11.2024 08:28:02
- Source psirt@us.ibm.com
IBM Jazz for Service Management information disclosure
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929.
Data provided by the National Vulnerability Database (NVD)
IBM ≫ Jazz For Service Management Version 1.1.3.20
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.262 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| psirt@us.ibm.com | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.