CVE-2023-40683

Опубликовано: 19 янв. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/264005
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7107774
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/264005
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7107774
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*

Версия от 8.3 (включая) до 8.3.0.2.7 (исключая)

cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00024

Низкий

8.8 High

CVSS3

Дефекты

CWE-285

Связанные уязвимости

GHSA-5m9f-w8v4-rvgm