Lucene search

IbmVULNRICHMENT:CVE-2023-50957

HistoryFeb 10, 2024 - 3:30 p.m.

CVE-2023-50957 IBM Storage Defender - Resiliency Service privilege escalation

2024-02-1015:30:55

CWE-312

ibm

github.com

ibm

storage defender

resiliency service

privilege escalation

cve-2023-50957

x-force

unauthorized actions

encrypted data

clear text key storage

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

6.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.

References

exchange.xforce.ibmcloud.com/vulnerabilities/275783

www.ibm.com/support/pages/node/7115261

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

6.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-50957