CVE-2023-26024

IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/247898	VDB Entry Vendor Advisory
https://https://www.ibm.com/support/pages/node/7082784	Broken Link
https://www.ibm.com/support/pages/node/7082784	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:planning_analytics_on_cloud_pak_for_data:4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-01 19:15

Updated : 2023-12-06 18:51

NVD link : CVE-2023-26024

Mitre link : CVE-2023-26024

CVE.ORG link : CVE-2023-26024

JSON object : View

Products Affected

ibm

planning_analytics_on_cloud_pak_for_data

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2023-26024", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-12-01T19:15:07.640", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247898", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://https://www.ibm.com/support/pages/node/7082784", "tags": ["Broken Link"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7082784", "tags": ["Vendor Advisory"], "source": "nvd@nist.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898."}, {"lang": "es", "value": "IBM Planning Analytics on Cloud Pak for Data 4.0 podr\u00eda permitir que un atacante en una red compartida obtenga informaci\u00f3n confidencial causada por una comunicaci\u00f3n de red insegura. ID de IBM X-Force: 247898."}], "lastModified": "2023-12-06T18:51:10.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:planning_analytics_on_cloud_pak_for_data:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "926BDD37-F861-4701-AFAD-E351C2F29F97"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}