CVE-2023-23469 : IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2,

IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.

Published 2023-02-01 19:15:09

Updated 2025-03-26 15:15:46

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2023-23469

IBM » Cloud Pak For Business Automation
Versions from including (>=) 18.0.0 and up to, including, (<=) 20.0.3
cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.1 Update Interim Fix 007
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_007:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.1 Update Interim Fix 004
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_004:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.1
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.1 Update Interim Fix 002
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_002:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.1 Update Interim Fix 003
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_003:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.1 Update Interim Fix 006
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_006:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.1 Update Interim Fix 005
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_005:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.1 Update Interim Fix 001
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_001:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 009
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_009:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 007
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_007:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 004
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_004:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 008
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_008:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 002
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_002:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 003
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_003:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 006
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_006:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 005
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_005:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 001
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_001:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.3 Update Interim Fix 003
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_003:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.3 Update Interim Fix 006
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_006:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.3 Update Interim Fix 005
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_005:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.3 Update Interim Fix 001
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_001:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.3 Update Interim Fix 007
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_007:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.3 Update Interim Fix 004
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_004:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.3 Update Interim Fix 008
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_008:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.3
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.3 Update Interim Fix 002
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_002:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 21.0.2 Update Interim Fix 0012
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_0012:*:*:*:*:*:*
Matching versions
IBM » Cloud Pak For Business Automation » Version: 22.0.2
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-23469

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-23469

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	1.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	2.5	1.4	IBM Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2023-23469

CWE-525 Use of Web Browser Cache Containing Sensitive Information

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-23469

https://exchange.xforce.ibmcloud.com/vulnerabilities/244504

Vulnerability Report
Broken Link
https://www.ibm.com/support/pages/node/6857999

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2023
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-23469

Products affected by CVE-2023-23469

Exploit prediction scoring system (EPSS) score for CVE-2023-23469

CVSS scores for CVE-2023-23469

CWE ids for CVE-2023-23469

References for CVE-2023-23469