Lucene search

IbmCVELIST:CVE-2023-27291

HistoryMar 03, 2024 - 3:39 p.m.

CVE-2023-27291 IBM Watson CP4D Data Stores information disclosure

2024-03-0315:39:55

CWE-319

ibm

www.cve.org

ibm watson

cp4d data stores

information disclosure

sensitive information

encryption

ibm x-force id

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

9.0%

JSON

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Watson CP4D Data Stores",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "4.6.0, 4.6.1, 4.6.2, 4.6.3"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/248740

www.ibm.com/support/pages/node/6965458

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-27291