Lucene search

IbmCVELIST:CVE-2023-30444

HistoryApr 27, 2023 - 12:52 p.m.

CVE-2023-30444 IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery

2023-04-2712:52:10

CWE-918

ibm

www.cve.org

ibm

cloud pak for data

ssrf

vulnerability

x-force

server-side requestforgery

ibm watson machine learning

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Watson Machine Learning on Cloud Pak for Data",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "4.0, 4.5"
      }
    ]
  }
]

References

www.ibm.com/support/pages/node/6985859

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for CVELIST:CVE-2023-30444