9.8
CVE-2023-50940
- EPSS 0.46%
- Veröffentlicht 02.02.2024 01:15:08
- Zuletzt bearbeitet 21.11.2024 08:37:34
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM PowerSC cross-resource origin sharing
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.361 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-697 Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect.
CWE-942 Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
https://www.ibm.com/support/pages/node/7113759
https://exchange.xforce.ibmcloud.com/vulnerabilities/275130