CVE-2023-26026

CWE-200 — Information Exposure CWE-532 — Log File Information Exposure3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 75.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Planning Analytics Cartridge FOR Cloud PAK FOR Data IBM Cloud PAK FOR Data

Timeline

PublishedJul 19

Description

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/planning_analytics_cartridge_for_cloud_pak_for_data4.0

▶NVDibm/cloud_pak4.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure↗2023-07-19

▶

GHSA

GHSA-37r4-959h-qq8j: Planning Analytics Cartridge for Cloud Pak for Data 4↗2023-07-19

▶