Lucene search

[email protected]NVD:CVE-2023-46177

HistoryDec 18, 2023 - 3:15 p.m.

CVE-2023-46177

2023-12-1815:15:08

CWE-22

[email protected]

web.nvd.nist.gov

ibm

mq appliance

directory traversal

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

35.2%

JSON

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.

Affected configurations

Nvd

Node

ibmmq_applianceMatch9.3.0.0continuous_delivery

ibmmq_applianceMatch9.3.0.0lts

VendorProductVersionCPE
ibmmq_appliance9.3.0.0cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:continuous_delivery:*:*:*
ibmmq_appliance9.3.0.0cpe:2.3:a:ibm:mq_appliance:9.3.0.0:*:*:*:lts:*:*:*

Vendor	Product	Version	CPE
ibm	mq_appliance	9.3.0.0	cpe:2.3:a:ibm:mq_appliance:9.3.0.0::::continuous_delivery:::
ibm	mq_appliance	9.3.0.0	cpe:2.3:a:ibm:mq_appliance:9.3.0.0::::lts:::

References

exchange.xforce.ibmcloud.com/vulnerabilities/269536

www.ibm.com/support/pages/node/7091235

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

35.2%

JSON

Related for NVD:CVE-2023-46177

ibm2 prion1 cvelist1 cve1