CVE-2023-38738

Опубликовано: 19 янв. 2024

Источник: nvd

CVSS3: 6.8

CVSS3: 8.1

EPSS Низкий

Описание

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/262594
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7107775
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/262594
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7107775
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*

Версия от 8.3 (включая) до 8.3.0.2.7 (исключая)

cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00057

Низкий

6.8 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-257

Связанные уязвимости

GHSA-p56m-3v53-439x

CVSS3: 6.8

github

около 2 лет назад

EPSS

Процентиль: 18%

0.00057

Низкий

6.8 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-257