Lucene search

IbmCVELIST:CVE-2023-28953

HistoryJul 10, 2023 - 12:17 a.m.

CVE-2023-28953 IBM Cognos Analytics on Cloud Pak for Data improper access control

2023-07-1000:17:30

ibm

www.cve.org

ibm

cognos analytics

cloud pak

data

security

vulnerability

misconfigured

containers

access control

system calls

ibm x-force id

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cognos Analytics Cartridge for Cloud Pak for Data",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "4.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/251465

security.netapp.com/advisory/ntap-20230814-0001/

www.ibm.com/support/pages/node/7006413

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for CVELIST:CVE-2023-28953