Lucene search

IbmCVELIST:CVE-2023-28522

HistoryMay 12, 2023 - 1:22 a.m.

CVE-2023-28522 IBM API Connect improper access control

2023-05-1201:22:58

ibm

www.cve.org

ibm

api connect

access control

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "API Connect",
    "vendor": "IBM",
    "versions": [
      {
        "lessThan": "10.0.5.1",
        "status": "affected",
        "version": "10.0.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.0.1.9",
        "status": "affected",
        "version": "10.0.1.4",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/250585

www.ibm.com/support/pages/node/6965612

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Related for CVELIST:CVE-2023-28522