Lucene search
IbmCVE-2023-45187HistoryFeb 09, 2024 - 1:15 a.m.
CVE-2023-45187
2024-02-0901:15:08
CWE-613
ibm
web.nvd.nist.gov
26
ibm
engineering
lifecycle
optimization
publishing
security
vulnerability
session management
authentication
impersonation
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0.001
Percentile
18.9%
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.
Affected configurations
Node
ibmengineering_lifecycle_optimizationMatch7.0.2
ORibmengineering_lifecycle_optimizationMatch7.0.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | engineering_lifecycle_optimization | 7.0.2 | cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:* |
| ibm | engineering_lifecycle_optimization | 7.0.3 | cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.3:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Engineering Lifecycle Optimization - Publishing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2, 7.0.3"
}
]
}
]Related
cvelist
cvelist
nvd
nvd
CVE-2023-45187
2024-02-09 01:15:08
vulnrichment
vulnrichment
prion
prion
Code injection
2024-02-09 01:15:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0.001
Percentile
18.9%
Related for CVE-2023-45187