CVE-2023-28512 — External Control of Assumed-Immutable Web Parameter in IBM Watson Cp4d Data Stores

CWE-472 — External Control of Assumed-Immutable Web Parameter3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.1%

top 78.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Watson Cp4d Data Stores

Timeline

PublishedMar 3

Description

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/watson_cp4d_data_stores4.6.0, 4.6.1, 4.6.2

▶NVDibm/watson_cp4d_data_stores4.6.0, 4.6.1, 4.6.2+2

🔴Vulnerability Details

CVEList

IBM Watson CP4D Data Stores improper input validation↗2024-03-03

▶

GHSA

GHSA-7vmx-xjmr-5rwq: IBM Watson CP4D Data Stores 4↗2024-03-03

▶