CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
Potential Golang Go directory transversal vulnerabilitiy.(CVE-2023-45283) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information.
CVEID:CVE-2023-45283
**DESCRIPTION:**Golang Go could allow a remote attacker to traverse directories on the system, caused by the failure to recognize paths with a ??\ prefix as a Root Local Device path prefix in the filepath and safefilepath package. An attacker could send a specially crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270990 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Watson CP4D Data Stores | 4.0.0 - 4.8.5 |
For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest release (v5.0 or later releases) of IBM Watson CP4D Data Stores which maintains backward compatibility with the versions listed above.
Product Latest Version | Remediation/Fix/Instructions |
---|---|
IBM Watson CP4D Data Stores 5.0 |
Follow instructions for Installing IBM Watson CP4D Data Stores in Link to Release (v5.0 or later releases) release information.
https://www.ibm.com/docs/en/cloud-paks/cp-data/5.0.x
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | watson_cp4d_data_stores | * | cpe:2.3:a:ibm:watson_cp4d_data_stores:*:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low