IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7107774 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
24 Jan 2024, 21:25
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
First Time |
Microsoft windows
Linux linux Kernel Ibm openpages With Watson Ibm Microsoft Linux |
|
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 - VDB Entry, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7107774 - Patch, Vendor Advisory |
19 Jan 2024, 01:51
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-19 01:15
Updated : 2024-01-24 21:25
NVD link : CVE-2023-40683
Mitre link : CVE-2023-40683
CVE.ORG link : CVE-2023-40683
JSON object : View
Products Affected
microsoft
- windows
linux
- linux_kernel
ibm
- openpages_with_watson
CWE
CWE-264
Permissions, Privileges, and Access Controls