CVE-2023-50935 — Forced Browsing in IBM Powersc

CWE-425 — Forced Browsing3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 86.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Powersc

Timeline

PublishedFeb 2

Description

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5ibm/powersc1.3, 2.0, 2.1

▶NVDibm/powersc1.3, 2.0, 2.1+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM PowerSC forced browsing↗2024-02-02

▶

GHSA

GHSA-vj5p-c5rg-hm3w: IBM PowerSC 1↗2024-02-02

▶