CVE-2023-50955

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.

CVSS v3 2.4 LOW

2.4^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/275777	VDB Entry
https://www.ibm.com/support/pages/node/7116610	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/275777	VDB Entry
https://www.ibm.com/support/pages/node/7116610	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-02-21 15:15

Updated : 2024-12-10 19:26

NVD link : CVE-2023-50955

Mitre link : CVE-2023-50955

CVE.ORG link : CVE-2023-50955

JSON object : View

Products Affected

ibm

infosphere_information_server

CWE

CWE-36

Absolute Path Traversal

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-50955", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2024-02-21T15:15:08.760", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275777", "tags": ["VDB Entry"], "source": "[email protected]"}, {"url": "https://www.ibm.com/support/pages/node/7116610", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275777", "tags": ["VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7116610", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-36"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777."}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un usuario privilegiado autenticado obtenga la ruta absoluta de la instalaci\u00f3n del servidor web, lo que podr\u00eda ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 275777."}], "lastModified": "2024-12-10T19:26:58.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}