5.3
CVE-2023-50954
- EPSS 0.36%
- Veröffentlicht 30.06.2024 17:15:02
- Zuletzt bearbeitet 21.11.2024 08:37:36
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Infosphere Information Server Version11.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.272 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| psirt@us.ibm.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-598 Use of HTTP Request With Sensitive Query String
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
https://exchange.xforce.ibmcloud.com/vulnerabilities/275776
https://www.ibm.com/support/pages/node/7158597