CVE-2023-26282

IBM Watson CP4D Data Stores file modificiation

Severity Score

4.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415.

IBM Watson CP4D Data Stores 4.6.0 a 4.6.3 podría permitir que un usuario con acceso físico y conocimiento específico del sistema modifique archivos o datos en el sistema. ID de IBM X-Force: 248415.

*Credits: N/A

CVSS Scores

IBM Corporationv3.1 4.2

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-02-21 CVE Reserved
2024-03-05 CVE Published
2024-03-06 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-73: External Control of File Name or Path

CAPEC

References (2)

URL	Tag	Source
https://exchange.xforce.ibmcloud.com/vulnerabilities/248415	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://https://www.ibm.com/support/pages/node/6965452	2024-03-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
IBM Search vendor "IBM"		Watson CP4D Data Stores Search vendor "IBM" for product "Watson CP4D Data Stores"				>= 4.6.0 <= 4.6.3 Search vendor "IBM" for product "Watson CP4D Data Stores" and version " >= 4.6.0 <= 4.6.3"		en		Affected