CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
9.0%
Potential ETCD logs Information disclosure vulnerabilitiy CVE-2023-40694 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information.
CVEID:CVE-2023-40694
**DESCRIPTION:**IBM Watson CP4D Data Store stores potentially sensitive information in log files that could be read by a local user.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264838 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Watson CP4D Data Stores | 4.0.0 - 4.8.4 |
For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest release (v4.8.5 or later releases) of IBM Watson CP4D Data Stores which maintains backward compatibility with the versions listed above.
Product Latest Version | Remediation/Fix/Instructions |
---|---|
IBM Watson CP4D Data Stores 4.8.5 |
Follow instructions for Installing IBM Watson CP4D Data Stores in Link to Release (v4.8.5 release information)
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | watson_cp4d_data_stores | * | cpe:2.3:a:ibm:watson_cp4d_data_stores:*:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
9.0%