CVE-2023-35022 — Improper Authorization in IBM Infosphere Information Server

CWE-285 — Improper Authorization3 documents3 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 98.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server

Timeline

PublishedJun 30

Description

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/infosphere_information_server11.7

▶NVDibm/infosphere_information_server11.7

🔴Vulnerability Details

GHSA

GHSA-crv7-mhxq-6c8r: IBM InfoSphere Information Server 11↗2024-06-30

▶

CVEList

IBM InfoSphere Information Server improper authentication↗2024-06-30

▶