CVE-2023-40683
IBM OpenPages with Watson privilege escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.
IBM OpenPages con Watson 8.3 y 9.0 podría permitir a un atacante remoto eludir las restricciones de seguridad causadas por comprobaciones de autorización insuficientes. Al autenticarse como usuario de OpenPages y utilizar API no públicas, un atacante podría aprovechar esta vulnerabilidad para eludir la seguridad y obtener acceso administrativo no autorizado a la aplicación. ID de IBM X-Force: 264005.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-08-18 CVE Reserved
- 2024-01-19 CVE Published
- 2024-01-25 EPSS Updated
- 2024-09-20 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-285: Improper Authorization
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.ibm.com/support/pages/node/7107774 | 2024-01-24 |
URL | Date | SRC |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 | 2024-01-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Openpages With Watson Search vendor "Ibm" for product "Openpages With Watson" | >= 8.3 < 8.3.0.2.7 Search vendor "Ibm" for product "Openpages With Watson" and version " >= 8.3 < 8.3.0.2.7" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Openpages With Watson Search vendor "Ibm" for product "Openpages With Watson" | >= 8.3 < 8.3.0.2.7 Search vendor "Ibm" for product "Openpages With Watson" and version " >= 8.3 < 8.3.0.2.7" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Openpages With Watson Search vendor "Ibm" for product "Openpages With Watson" | 9.0 Search vendor "Ibm" for product "Openpages With Watson" and version "9.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Openpages With Watson Search vendor "Ibm" for product "Openpages With Watson" | 9.0 Search vendor "Ibm" for product "Openpages With Watson" and version "9.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|