Lucene search

IbmCVE-2023-46175

HistorySep 26, 2024 - 2:15 p.m.

CVE-2023-46175

2024-09-2614:15:07

CWE-532

ibm

web.nvd.nist.gov

cve-2023-46175

ibm cloud pak

multicloud management

information disclosure

user credentials

log file.

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user.

Affected configurations

Vulners

Node

ibmcloud_pak_for_multicloud_managementRange2.3–2.3

VendorProductVersionCPE
ibmcloud_pak_for_multicloud_management*cpe:2.3:a:ibm:cloud_pak_for_multicloud_management:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cloud_pak_for_multicloud_management	*	cpe:2.3:a:ibm:cloud_pak_for_multicloud_management::::::::

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:cloud_pak_for_multicloud_management_monitoring:2.3.0:-:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_multicloud_management_monitoring:2.3.0:fixpack8:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Cloud Pak for Multicloud Management",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "2.3 FP8",
        "status": "affected",
        "version": "2.3",
        "versionType": "semver"
      }
    ]
  }
]

References

www.ibm.com/support/pages/node/7170411

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

Related for CVE-2023-46175