Описание
IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450.
Ссылки
- VDB EntryVendor Advisory
- Vendor Advisory
- VDB EntryVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00098
Низкий
4.7 Medium
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-269
Связанные уязвимости
github
больше 3 лет назад
IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450.
EPSS
Процентиль: 27%
0.00098
Низкий
4.7 Medium
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-269