CVE-2023-47727 (GCVE-0-2023-47727)
Vulnerability from cvelistv5 – Published: 2024-05-02 14:43 – Updated: 2024-08-02 21:16
VLAI?
Title
IBM QRadar Suite Software file manipulation
Summary
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.
Severity ?
4.3 (Medium)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Cloud Pak for Security |
Affected:
1.10.0.0 , ≤ 1.10.11.0
(semver)
|
|||||||
|
|||||||||
Credits
Vincent Dragnea
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_pak_for_security",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "1.10.11.0",
"status": "affected",
"version": "1.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qradar_suite",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "1.10.20.0 ",
"status": "affected",
"version": "1.10.12.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T17:29:07.533265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:38.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7149968"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud Pak for Security",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.10.11.0",
"status": "affected",
"version": "1.10.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QRadar Suite Software",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "1.10.20.0",
"status": "affected",
"version": "1.10.12.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vincent Dragnea"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089."
}
],
"value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-02T14:43:57.748Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7149968"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar Suite Software file manipulation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47727",
"datePublished": "2024-05-02T14:43:57.748Z",
"dateReserved": "2023-11-09T11:31:22.401Z",
"dateUpdated": "2024-08-02T21:16:43.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7149968\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/272089\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T21:16:43.556Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-47727\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-02T17:29:07.533265Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"ibm\", \"product\": \"cloud_pak_for_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.10.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.10.11.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*\"], \"vendor\": \"ibm\", \"product\": \"qradar_suite\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.10.12.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.10.20.0 \"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-02T17:39:23.008Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"IBM QRadar Suite Software file manipulation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Vincent Dragnea\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"IBM\", \"product\": \"Cloud Pak for Security\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.10.11.0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"IBM\", \"product\": \"QRadar Suite Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.10.12.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.10.20.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7149968\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/272089\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1287\", \"description\": \"CWE-1287 Improper Validation of Specified Type of Input\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-05-02T14:43:57.748Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-47727\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T21:16:43.556Z\", \"dateReserved\": \"2023-11-09T11:31:22.401Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2024-05-02T14:43:57.748Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…