Mar 08, 2024 - 4:54 p.m.

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote authenticated attacker (CVE-2023-45143)

www.ibm.com

CVSS3: 3.9 Low

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

AI Score: 6.1 Medium (Confidence: Low)

EPSS: 0.009 Low (Percentile: 82.4%)

Summary

There is a vulnerability in the Node.js undici module used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2023-45143
DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to clear cookie header on cross-origin redirect in fetch. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain cookie header information, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/268649 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L)
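
The behaviour the description refers to, as an added example (not code from undici, IBM or this bulletin): a client that follows redirects should drop credential-bearing headers when the redirect target's origin differs from the origin of the current request. The function name, the header set and the hostnames are assumptions made for illustration.

```javascript
// Added illustration; not undici's or IBM's code.
// Headers that carry credentials and should not follow a redirect to another
// origin. The exact set is an assumption for this example.
const CREDENTIAL_HEADERS = new Set(['cookie', 'authorization', 'proxy-authorization']);

// Resolve the Location value against the current URL and return the headers
// that are safe to send on the follow-up request.
function headersForRedirect(currentUrl, location, headers) {
  const from = new URL(currentUrl);
  const to = new URL(location, from);           // also handles relative Location values
  const sameOrigin = from.origin === to.origin; // origin = scheme + host + port
  const forwarded = {};
  const dropped = [];
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (!sameOrigin && CREDENTIAL_HEADERS.has(name.toLowerCase())) {
      dropped.push(name);
      continue;
    }
    forwarded[name] = value;
  }
  return { url: to.href, sameOrigin, forwarded, dropped };
}

// Constructed sample request; hostnames and cookie value are placeholders.
const sampleHeaders = { Cookie: 'session=constructed-value', Accept: 'application/json' };

// Redirect to a different host: the Cookie header is removed.
const crossOrigin = headersForRedirect(
  'https://app.example.test/api', 'https://other.example.test/landing', sampleHeaders);
// Relative redirect on the same origin: the Cookie header is kept.
const sameSite = headersForRedirect('https://app.example.test/api', '/api/v2', sampleHeaders);

console.log(crossOrigin.dropped, Object.keys(crossOrigin.forwarded));
console.log(sameSite.dropped, Object.keys(sameSite.forwarded));
```

A change of scheme or port alone also counts as a different origin, so a redirect from `https://app.example.test` to `https://app.example.test:8443` loses the cookie as well.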

Affected Products and Versions

Affected Product(s) | Version(s)
Decision Optimization for Cloud Pak for Data | All

Remediation/Fixes

Users are strongly encouraged to upgrade to IBM Decision Optimization for IBM Cloud Pak for Data 4.8 and subsequent releases.
Here is the detailed information on Upgrading IBM Cloud Pak for Data

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm cloud_pak_for_data, Match: any
