CVE-2023-50959

CWE-4973 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 83.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK FOR Business Automation

Timeline

PublishedMar 31

Description

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/cloud_pak_for_business_automation18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, 23.0.2

▶NVDibm/cloud_pak16 versions+15

🔴Vulnerability Details

CVEList

IBM Cloud Pak for Business Automation information disclosure↗2024-03-31

▶

GHSA

GHSA-34m8-5x3c-2ccr: IBM Cloud Pak for Business Automation 18↗2024-03-31

▶