Lucene search

[email protected]CVE-2023-50954

HistoryJun 30, 2024 - 5:15 p.m.

CVE-2023-50954

2024-06-3017:15:02

CWE-598

[email protected]

web.nvd.nist.gov

ibm

infosphere information server

sensitive information

url

security vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.

Affected configurations

Vulners

Node

ibminfosphere_information_serverMatch11.7

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "InfoSphere Information Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11.7"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/275776

www.ibm.com/support/pages/node/7158597

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

Related for CVE-2023-50954

ibm1 nvd1 cvelist1