CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
14.1%
IBM has addressed the CVE
**CVEID:**CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICU_DATA environment variable, an attacker could exploit this vulnerability to search and potentially load ICU data.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247694 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM DataPower Gateway 10.0.1 | 10.0.1.0 - 10.0.1.12 |
IBM DataPower Gateway 10.5.0 | 10.5.0.0 - 10.5.0.4 |
Affected Product | Fixed in version | APAR |
---|---|---|
IBM DataPower Gateway 10.5.0 | IBM DataPower Gateway 10.5.0.5 | IT43661 |
IBM DataPower Gateway 10.0.1 | IBM DataPower Gateway 10.0.1.13 | IT43661 |
Customers using older releases may upgrade free of charge to 10.5 or 10.0.1 |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | datapower_gateway | 10.5.0 | cpe:2.3:a:ibm:datapower_gateway:10.5.0:*:*:*:*:*:*:* |
ibm | datapower_gateway | 10.0.1 | cpe:2.3:a:ibm:datapower_gateway:10.0.1:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
14.1%