IBMC92F472729792FC218F6B236C6AAF4B0F8793DF6129725E0BB382223F169D1EFSecurity Bulletin: crypto-js affects IBM Spectrum Control [CVE-2023-46233]
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.6%
Summary
crypto-js is vulnerable to a remote attacker to obtain sensitive information. This vulnerability affects IBM Spectrum Control. This bulletin identifies the steps to take to address the vulnerability.
Vulnerability Details
CVEID:CVE-2023-46233
**DESCRIPTION:**Brix crypto-js could allow a remote attacker to obtain sensitive information, caused by the use of a weak cryptographic hash algorithm. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269753 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Control | 5.4 |
Remediation/Fixes
| Release | First Fixing VRM Level | ** Link to Fix** |
|---|---|---|
| 5.4 | 5.4.11 | <https://www.ibm.com/support/pages/latest-downloads-ibm-spectrum-control> |
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum control | eq | 5.4 |
Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.6%