Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM047964E9ACEEF2FDC287A55B7EEE4F7E9F31D0D449F951AF043EB2F8C0E67A8B
HistoryAug 18, 2023 - 8:23 a.m.

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268

2023-08-1808:23:41
www.ibm.com
22
ibm cloud pak
automation assets
vulnerability
couchdb
cve-2023-26268
remote attack
upgrade
ibm documentation

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

23.6%

JSON

Summary

Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268 with details below.

Vulnerability Details

CVEID:CVE-2023-26268
**DESCRIPTION:**Apache CouchDB could allow a remote authenticated attacker to obtain sensitive information, caused by the sharing of a mutable Javascript environment when using multiple design document functions. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256377 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Automation Assets in IBM Cloud Pak for Integration (CP4I) 2021.2.1
2021.4.1
2022.2.1

Remediation/Fixes

Automation Assets version****in IBM Cloud Pak for Integration

Upgrade Automation Assets Operator to 2022.2.1-11 using the Operator upgrade process described in the IBM Documentation

<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2022.2?topic=capabilities-upgrading-automation-assets&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_for_automationMatch2021.2.12021.4.12022.2.1
VendorProductVersionCPE
ibmcloud_pak_for_automation2021.2.12021.4.12022.2.1cpe:2.3:a:ibm:cloud_pak_for_automation:2021.2.12021.4.12022.2.1:*:*:*:*:*:*:*

Related

osv 2
freebsd 1
nessus 2
openvas 2
cvelist 1
nvd 1
ubuntucve 1
prion 1
ibm 2
cnvd 1
cve 1
osv
osv
CVE-2023-26268
2023-05-02 21:15:09
BIT-couchdb-2023-26268
2024-03-06 10:51:14
freebsd
freebsd
couchdb -- information sharing via couchjs processes
2023-05-02 00:00:00
nessus
nessus
FreeBSD : couchdb -- information sharing via couchjs processes (fd47fcfe-ec69-4000-b9ce-e5e62102c1c7)
2023-12-17 00:00:00
Apache CouchDB < 3.2.3 / 3.3.x < 3.3.2 Information Disclosure
2023-05-04 00:00:00
openvas
openvas
Apache CouchDB <= 3.2.2, 3.3.x <= 3.3.1 Information Disclosure Vulnerability - Windows
2023-05-10 00:00:00
Apache CouchDB <= 3.2.2, 3.3.x <= 3.3.1 Information Disclosure Vulnerability - Linux
2023-05-10 00:00:00
cvelist
cvelist
CVE-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes
2023-05-02 20:06:09
nvd
nvd
CVE-2023-26268
2023-05-02 21:15:09
ubuntucve
ubuntucve
CVE-2023-26268
2023-05-02 00:00:00
prion
prion
Code injection
2023-05-02 21:15:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality due to [CVE-2023-26268]
2023-08-24 15:11:36
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
2024-02-28 21:30:18
cnvd
cnvd
Apache CouchDB Information Disclosure Vulnerability
2023-05-08 00:00:00
cve
cve
CVE-2023-26268
2023-05-02 21:15:09

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

23.6%

JSON
Related for 047964E9ACEEF2FDC287A55B7EEE4F7E9F31D0D449F951AF043EB2F8C0E67A8B
osv2freebsd1nessus2openvas2cvelist1nvd1ubuntucve1prion1ibm2cnvd1cve1