CVE-2023-38367

Опубликовано: 29 фев. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/261130
Vendor Advisory
https://www.ibm.com/support/pages/node/7015271
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/261130
Vendor Advisory
https://www.ibm.com/support/pages/node/7015271
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_004:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_005:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_006:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_007:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_0012:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_004:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_005:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_006:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_007:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_008:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_009:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_010:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_011:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_012:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_004:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_005:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_006:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_007:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_008:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_009:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_010:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_011:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_012:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_013:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_014:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_015:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_016:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_017:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_018:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_019:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_020:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_021:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_022:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_004:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_005:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_006:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_004:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_005:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_006:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-287

Связанные уязвимости

GHSA-6hmj-wm73-g83p