FKIE_CVE-2023-50959

Vulnerability from fkie_nvd - Published: 2024-03-31 12:15 - Updated: 2024-11-21 08:37
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/275938VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7145492Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/275938VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/7145492Vendor Advisory
Impacted products
Vendor Product Version
ibm cloud_pak_for_business_automation 18.0.0
ibm cloud_pak_for_business_automation 18.0.1
ibm cloud_pak_for_business_automation 18.0.2
ibm cloud_pak_for_business_automation 19.0.1
ibm cloud_pak_for_business_automation 19.0.2
ibm cloud_pak_for_business_automation 19.0.3
ibm cloud_pak_for_business_automation 20.0.1
ibm cloud_pak_for_business_automation 20.0.2
ibm cloud_pak_for_business_automation 20.0.3
ibm cloud_pak_for_business_automation 21.0.1
ibm cloud_pak_for_business_automation 21.0.2
ibm cloud_pak_for_business_automation 21.0.3
ibm cloud_pak_for_business_automation 22.0.1
ibm cloud_pak_for_business_automation 22.0.2
ibm cloud_pak_for_business_automation 23.0.1
ibm cloud_pak_for_business_automation 23.0.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D419EF8-4D41-4FBE-A41B-9F9EAF7F72EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27956AA-CCEE-4073-A8D7-D1B9575EE25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A70646-ADD3-4CF7-A591-8BE96FBEF5A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6CB2C4-800F-487A-B0E5-8A0A9718549D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52711AA-0F11-47E7-8EE8-6B8D65403F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE2C6F84-C83F-4AE1-B0A7-740568F52C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC8A641D-B7AB-41FA-AFDB-2C8EBDA6A1A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "250AC4D5-1D25-4EEE-B1CA-AA8E104BBF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C5B7FA4-A27C-40CA-AA53-183909D18C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "AF7E2601-47E6-4111-9DE0-C3C01705884A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "BA799229-3577-409F-BFCC-0ABA541EA710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "A8D6EB68-3804-494D-B12A-2E96E31D1B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "F22E2017-86A6-4CD1-8192-7A5DF0A1D818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "517C5EDE-5104-4E22-B9C6-64DFBA7650C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "01632D44-1A4A-4C1A-A19D-8E815617B905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "0EA264AE-2691-4C84-BAB6-82BEECC7435F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account.  IBM X-Force ID:  275938."
    },
    {
      "lang": "es",
      "value": "IBM Cloud Pak para automatizaci\u00f3n empresarial 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1 y 23.0.2 pueden permitir a los usuarios finales consultar m\u00e1s documentos de los esperados desde un sistema de gesti\u00f3n de contenido empresarial conectado cuando se configura para usar una cuenta del sistema. ID de IBM X-Force: 275938."
    }
  ],
  "id": "CVE-2023-50959",
  "lastModified": "2024-11-21T08:37:36.643",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-31T12:15:50.130",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275938"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7145492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7145492"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-497"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.