CVE-2023-50940

EPSS 0.04%
Published 02.02.2024 01:15:08
Last modified 21.11.2024 08:37:34
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.  IBM X-Force ID:  275130.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Powersc Version1.3

Ibm ≫ Powersc Version2.0

Ibm ≫ Powersc Version2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.112

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

CWE-942 Permissive Cross-domain Policy with Untrusted Domains

The product uses a cross-domain policy file that includes domains that should not be trusted.

https://www.ibm.com/support/pages/node/7113759

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/275130

Vendor Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2023-50940

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50940

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50940

EUVD