CVE-2023-50959

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/275938	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7145492	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:-::::::
	cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:-::::::

History

No history.

Information

Published : 2024-03-31 12:15

Updated : 2024-04-02 17:56

NVD link : CVE-2023-50959

Mitre link : CVE-2023-50959

CVE.ORG link : CVE-2023-50959

JSON object : View

Products Affected

ibm

cloud_pak_for_business_automation

CWE

NVD-CWE-Other CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

{"id": "CVE-2023-50959", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2024-03-31T12:15:50.130", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275938", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7145492", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938."}, {"lang": "es", "value": "IBM Cloud Pak para automatizaci\u00f3n empresarial 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1 y 23.0.2 pueden permitir a los usuarios finales consultar m\u00e1s documentos de los esperados desde un sistema de gesti\u00f3n de contenido empresarial conectado cuando se configura para usar una cuenta del sistema. ID de IBM X-Force: 275938."}], "lastModified": "2024-04-02T17:56:18.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D419EF8-4D41-4FBE-A41B-9F9EAF7F72EE"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C27956AA-CCEE-4073-A8D7-D1B9575EE25C"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12A70646-ADD3-4CF7-A591-8BE96FBEF5A9"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF6CB2C4-800F-487A-B0E5-8A0A9718549D"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D52711AA-0F11-47E7-8EE8-6B8D65403F8A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE2C6F84-C83F-4AE1-B0A7-740568F52C04"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC8A641D-B7AB-41FA-AFDB-2C8EBDA6A1A7"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "250AC4D5-1D25-4EEE-B1CA-AA8E104BBF7B"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C5B7FA4-A27C-40CA-AA53-183909D18C13"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF7E2601-47E6-4111-9DE0-C3C01705884A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA799229-3577-409F-BFCC-0ABA541EA710"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8D6EB68-3804-494D-B12A-2E96E31D1B1A"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F22E2017-86A6-4CD1-8192-7A5DF0A1D818"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "517C5EDE-5104-4E22-B9C6-64DFBA7650C3"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01632D44-1A4A-4C1A-A19D-8E815617B905"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EA264AE-2691-4C84-BAB6-82BEECC7435F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}