CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile: 41.1%
IBM Safer Payments had older TLS 1.0 and TLS 1.1 protocols enabled by default. These protocols are now disabled.
CVEID: CVE-2023-27557
**DESCRIPTION:** IBM Counter Fraud Management for Safer Payments uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/249192 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s): IBM Safer Payments
Version(s): 6.1.0.00 - 6.1.1.02, 6.2.0.00 - 6.2.2.02, 6.3.0.00 - 6.3.1.02, 6.4.0.00 - 6.4.2.01, and 6.5.0.00
Update IBM Safer Payments to version 6.1.1.03, 6.2.2.03, 6.3.1.03, 6.4.2.02, 6.5.0.01 or higher.
Refer to the IBM Safer Payments documentation to download the updates.
Configure IBM Safer Payments to reject TLS versions 1.0 and 1.1. Refer to the implementation guides.
IBM Safer Payments 6.1: <https://www.ibm.com/docs/en/safer-payments/6.1?topic=configuration-configure-ssl-encryption>
IBM Safer Payments 6.2: <https://www.ibm.com/docs/en/safer-payments/6.2?topic=configuration-configure-ssl-encryption>
IBM Safer Payments 6.3: <https://www.ibm.com/docs/en/safer-payments/6.3?topic=configuration-configure-ssl-encryption>
IBM Safer Payments 6.4: <https://www.ibm.com/docs/en/safer-payments/6.4?topic=configuration-configuring-ssl-encryption>
IBM Safer Payments 6.5: <https://www.ibm.com/docs/en/safer-payments/6.5?topic=configuration-configuring-ssl-encryption>
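To confirm that an endpoint rejects TLS 1.0 and 1.1 after the update or the workaround, the probe below sends a hand-built ClientHello capped at each version and reads the reply; building the hello by hand avoids a false "rejected" when the local OpenSSL itself refuses legacy versions. This is an added example, not IBM code: the host and port are supplied by the operator, and the cipher suite list and function names are assumptions of the example.

```python
import os, socket, struct, sys

VERSIONS = {b"\x03\x01": "TLS 1.0", b"\x03\x02": "TLS 1.1", b"\x03\x03": "TLS 1.2"}
# Assumed suite list: ECDHE and RSA AES-CBC plus 3DES, which legacy-capable servers usually accept.
SUITES = bytes.fromhex("c014c013c00ac0090035002f000a")

def build_client_hello(version: bytes) -> bytes:
    """Raw ClientHello whose highest offered version is the two-byte wire value `version`."""
    # Extensions: supported_groups (secp256r1, secp384r1) and ec_point_formats (uncompressed).
    ext = bytes.fromhex("000a0006000400170018" "000b00020100")
    body = (version + os.urandom(32) + b"\x00"            # version, random, empty session id
            + struct.pack("!H", len(SUITES)) + SUITES
            + b"\x01\x00"                                  # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def classify(resp: bytes) -> str:
    """Interpret the first bytes of the server's reply to the probe."""
    if len(resp) >= 11 and resp[0] == 0x16 and resp[5] == 0x02:   # handshake / ServerHello
        return "ACCEPTED " + VERSIONS.get(resp[9:11], resp[9:11].hex())
    if len(resp) >= 7 and resp[0] == 0x15:                        # alert record
        return f"rejected (alert {resp[6]})"   # 70 = protocol_version, 40 = handshake_failure
    return "no ServerHello (closed, timed out, or not TLS)"

def _recv_n(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def probe(host: str, port: int, version: bytes, timeout: float = 5.0) -> str:
    """Offer `version` as the maximum and report what the server negotiated (no SNI is sent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello(version))
            head = _recv_n(s, 5)
            need = min(struct.unpack("!H", head[3:5])[0], 6) if len(head) == 5 else 0
            return classify(head + _recv_n(s, need))
    except OSError:
        return classify(b"")

if __name__ == "__main__":
    if len(sys.argv) == 3:
        for wire, name in VERSIONS.items():
            print(name, "offered ->", probe(sys.argv[1], int(sys.argv[2]), wire))
    else:  # constructed sample reply: fatal protocol_version alert
        print(classify(bytes.fromhex("15030300020246")))
```

A remediated endpoint should report a rejection for the TLS 1.0 and TLS 1.1 offers and `ACCEPTED TLS 1.2` for the last one; an `ACCEPTED TLS 1.0` result for the TLS 1.1 offer means the server downgraded and still has TLS 1.0 enabled.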
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | safer_payments | 6.1 | cpe:2.3:a:ibm:safer_payments:6.1:*:*:*:*:*:*:* |
ibm | safer_payments | 6.2 | cpe:2.3:a:ibm:safer_payments:6.2:*:*:*:*:*:*:* |
ibm | safer_payments | 6.3 | cpe:2.3:a:ibm:safer_payments:6.3:*:*:*:*:*:*:* |
ibm | safer_payments | 6.4 | cpe:2.3:a:ibm:safer_payments:6.4:*:*:*:*:*:*:* |
ibm | safer_payments | 6.5 | cpe:2.3:a:ibm:safer_payments:6.5:*:*:*:*:*:*:* |