CVE-2023-50955

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.

CVSS v3 2.4 LOW

2.4^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/275777	VDB Entry
https://www.ibm.com/support/pages/node/7116610	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/275777	VDB Entry
https://www.ibm.com/support/pages/node/7116610	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

History

10 Dec 2024, 19:26

Type	Values Removed	Values Added
CWE		CWE-22
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/275777 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/275777 - VDB Entry
References	~~() https://www.ibm.com/support/pages/node/7116610 -~~	() https://www.ibm.com/support/pages/node/7116610 - Vendor Advisory
CPE		cpe:2.3:a:ibm:infosphere_information_server:11.7:::::::*
First Time		Ibm Ibm infosphere Information Server

Information

Published : 2024-02-21 15:15

Updated : 2024-12-10 19:26

NVD link : CVE-2023-50955

Mitre link : CVE-2023-50955

CVE.ORG link : CVE-2023-50955

JSON object : View

Products Affected

ibm

infosphere_information_server

CWE

CWE-36

Absolute Path Traversal

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-50955", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2024-02-21T15:15:08.760", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275777", "tags": ["VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7116610", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275777", "tags": ["VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7116610", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-36"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777."}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un usuario privilegiado autenticado obtenga la ruta absoluta de la instalaci\u00f3n del servidor web, lo que podr\u00eda ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 275777."}], "lastModified": "2024-12-10T19:26:58.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}