Lucene search

IbmCVE-2023-25927

HistoryMay 12, 2023 - 6:15 p.m.

CVE-2023-25927

2023-05-1218:15:09

CWE-20

ibm

web.nvd.nist.gov

ibm

security

verify access

cve-2023-25927

vulnerability

webseald

http requests

ibm x-force

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

26.8%

JSON

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.

Affected configurations

Nvd

Vulners

Node

ibmsecurity_verify_accessMatch10.0.0

ibmsecurity_verify_accessMatch10.0.1

ibmsecurity_verify_accessMatch10.0.2

ibmsecurity_verify_accessMatch10.0.3

ibmsecurity_verify_accessMatch10.0.4

ibmsecurity_verify_accessMatch10.0.5

VendorProductVersionCPE
ibmsecurity_verify_access10.0.0cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
ibmsecurity_verify_access10.0.1cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*
ibmsecurity_verify_access10.0.2cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*
ibmsecurity_verify_access10.0.3cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*
ibmsecurity_verify_access10.0.4cpe:2.3:a:ibm:security_verify_access:10.0.4:*:*:*:*:*:*:*
ibmsecurity_verify_access10.0.5cpe:2.3:a:ibm:security_verify_access:10.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_verify_access	10.0.0	cpe:2.3:a:ibm:security_verify_access:10.0.0:::::::*
ibm	security_verify_access	10.0.1	cpe:2.3:a:ibm:security_verify_access:10.0.1:::::::*
ibm	security_verify_access	10.0.2	cpe:2.3:a:ibm:security_verify_access:10.0.2:::::::*
ibm	security_verify_access	10.0.3	cpe:2.3:a:ibm:security_verify_access:10.0.3:::::::*
ibm	security_verify_access	10.0.4	cpe:2.3:a:ibm:security_verify_access:10.0.4:::::::*
ibm	security_verify_access	10.0.5	cpe:2.3:a:ibm:security_verify_access:10.0.5:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Security Verify Access",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/247635

https://www.ibm.com/support/pages/node/6989653

www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

26.8%

JSON

Related for CVE-2023-25927