CVE-2023-46186: Forced Browsing in IBM Jazz for Service Management

CWE-425: Forced Browsing (3 documents, 3 sources)

Severity
NVD: 7.5 HIGH
CNA: 5.3
EPSS: 0.1% (top 74.48%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 14

Description

IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: ibm/jazz 1.1.3.20

Vulnerability Details (2)

CVEList: IBM Jazz for Service Management information disclosure (2024-02-14)
GHSA: GHSA-fqjq-52qh-7jmw: IBM Jazz for Service Management 1 (2024-02-14)