CVE-2023-26282External Control of File Name or Path in IBM Watson Cp4d Data Stores

CWE-73External Control of File Name or Path3 documents3 sources
Severity
4.2MEDIUMNVD
EPSS
0.0%
top 93.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Watson Cp4d Data Stores
Timeline
PublishedMar 5

Description

IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/watson_cp4d_data_stores4.6.04.6.3
NVDibm/watson_cp4d_data_stores4.6.04.6.3

🔴Vulnerability Details

2
CVEList
IBM Watson CP4D Data Stores file modificiation2024-03-05
GHSA
GHSA-xv72-qgpm-8gw4: IBM Watson CP4D Data Stores 42024-03-05
CVE-2023-26282 — External Control of File Name or Path | cvebase