CVE-2023-40683 — Improper Authorization in IBM Openpages With Watson

CWE-285 — Improper Authorization3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 93.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Openpages With Watson

Timeline

PublishedJan 19

Description

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/openpages_with_watson8.3 — 8.3.0.2.7+1

▶CVEListV5ibm/openpages_with_watson8.3, 9.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM OpenPages with Watson privilege escalation↗2024-01-19

▶

GHSA

GHSA-5m9f-w8v4-rvgm: IBM OpenPages with Watson 8↗2024-01-19

▶