Lucene search

IbmVULNRICHMENT:CVE-2023-50306

HistoryFeb 20, 2024 - 1:51 p.m.

CVE-2023-50306 IBM Common Licensing information disclosure

2024-02-2013:51:27

CWE-204

ibm

github.com

ibm

common licensing

username enumeration

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

3.9

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337.

CNA Affected

[
  {
    "vendor": "IBM",
    "product": "Common Licensing",
    "versions": [
      {
        "status": "affected",
        "version": "9.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/273337

www.ibm.com/support/pages/node/7120660

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

3.9

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-50306