Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAFC238A345358DBC38B756077C169FC7FF809F8A55F1D67CE811A48B17152F1A
HistoryMar 22, 2023 - 10:43 p.m.

Security Bulletin: Watson CP4D Data Stores for Cloud Pak for Data does not encypt sensitive information before storage or transmission (CVE-2023-27291)

2023-03-2222:43:40
www.ibm.com
20
ibm
watson
cp4d
data stores
cloud pak for data
encryption
sensitive information
transmission
cve-2023-27291
vulnerability
fix
upgrade

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

EPSS

0

Percentile

9.0%

JSON

Summary

IBM Watson CP4D Data Stores does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information.

Vulnerability Details

CVEID:CVE-2023-27291
**DESCRIPTION:**IBM Watson CP4D Data Stores does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248740 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Watson CloudPak for Data Data Stores 4.6.0,4.6.1, 4.6.2, 4.6.3

Remediation/Fixes

Install CP4D services containing Watson CloudPak for Data Data Stores to version 4.6.4 or later

<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=assistant-upgrading&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_developer_cloudMatch4.6.0
OR
ibmwatson_developer_cloudMatch4.6.1
OR
ibmwatson_developer_cloudMatch4.6.2
OR
ibmwatson_developer_cloudMatch4.6.3
VendorProductVersionCPE
ibmwatson_developer_cloud4.6.0cpe:2.3:a:ibm:watson_developer_cloud:4.6.0:*:*:*:*:*:*:*
ibmwatson_developer_cloud4.6.1cpe:2.3:a:ibm:watson_developer_cloud:4.6.1:*:*:*:*:*:*:*
ibmwatson_developer_cloud4.6.2cpe:2.3:a:ibm:watson_developer_cloud:4.6.2:*:*:*:*:*:*:*
ibmwatson_developer_cloud4.6.3cpe:2.3:a:ibm:watson_developer_cloud:4.6.3:*:*:*:*:*:*:*

Related

cve 1
nvd 1
vulnrichment 1
cvelist 1
prion 1
cve
cve
CVE-2023-27291
2024-03-03 16:15:49
nvd
nvd
CVE-2023-27291
2024-03-03 16:15:49
vulnrichment
vulnrichment
CVE-2023-27291 IBM Watson CP4D Data Stores information disclosure
2024-03-03 15:39:55
cvelist
cvelist
CVE-2023-27291 IBM Watson CP4D Data Stores information disclosure
2024-03-03 15:39:55
prion
prion
Design/Logic Flaw
2024-03-03 16:15:00

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

EPSS

0

Percentile

9.0%

JSON
Related for AFC238A345358DBC38B756077C169FC7FF809F8A55F1D67CE811A48B17152F1A
cve1nvd1vulnrichment1cvelist1prion1