exploitDog

CVE-2023-38019

Опубликовано: 02 фев. 2024

Источник: nvd

CVSS3: 8.1

CVSS3: 6.5

EPSS Низкий

Описание

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/260575
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7111679
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/260575
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7111679
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:soar_qradar_plugin_app:*:*:*:*:*:*:*:*

Версия от 1.0 (включая) до 5.0.3 (исключая)

EPSS

Процентиль: 23%

0.00079

Низкий

8.1 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-fx38-3h42-mwm8

CVSS3: 8.1

github

около 2 лет назад

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575.

EPSS

Процентиль: 23%

0.00079

Низкий

8.1 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-22