CVE-2023-27291 — Cleartext Transmission of Sensitive Info in IBM Watson Cp4d Data Stores

CWE-319 — Cleartext Transmission of Sensitive Info CWE-311 — Missing Encryption of Sensitive Data3 documents3 sources

Severity

7.5HIGHNVD

CNA4.5

EPSS

0.0%

top 91.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Watson Cp4d Data Stores

Timeline

PublishedMar 3

Description

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/watson_cp4d_data_stores4.6.0, 4.6.1, 4.6.2, 4.6.3

▶NVDibm/watson_cp4d_data_stores4 versions+3

🔴Vulnerability Details

CVEList

IBM Watson CP4D Data Stores information disclosure↗2024-03-03

▶

GHSA

GHSA-6676-v756-p52p: IBM Watson CP4D Data Stores 4↗2024-03-03

▶