CVE-2023-50940

CWE-942, CWE-697 | 3 documents | 3 sources
Severity: 9.8 CRITICAL
EPSS: 0.0% (top 87.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Feb 2

Description

IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | ibm/powersc | 1.3, 2.0, 2.1
NVD | ibm/powersc | 1.3, 2.0, 2.1 +2

Patches

Vulnerability Details (2)

CVEList: IBM PowerSC cross-resource origin sharing (2024-02-02)
GHSA: GHSA-f4w8-52pm-ghr9: IBM PowerSC 1 (2024-02-02)
CVE-2023-50940 (CRITICAL CVSS 9.8) | IBM PowerSC 1.3 | cvebase.io