CVE-2023-38372

{"id": "CVE-2023-38372", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-02-29T01:40:10.700", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261201", "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7020635", "source": "psirt@us.ibm.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201."}, {"lang": "es", "value": "Un atacante no autorizado que haya obtenido un token de autenticaci\u00f3n de seguridad de IBM Watson IoT Platform 1.0 puede utilizarlo para hacerse pasar por un usuario de plataforma autorizado. ID de IBM X-Force: 261201."}], "lastModified": "2024-02-29T13:49:47.277", "sourceIdentifier": "psirt@us.ibm.com"}