CVE-2023-27291 : IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sens

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.

Published 2024-03-03 16:15:50

Updated 2024-12-23 17:58:45

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2023-27291

IBM » Watson Cp4d Data Stores » Version: 4.6.0
cpe:2.3:a:ibm:watson_cp4d_data_stores:4.6.0:*:*:*:*:*:*:*
Matching versions
IBM » Watson Cp4d Data Stores » Version: 4.6.1
cpe:2.3:a:ibm:watson_cp4d_data_stores:4.6.1:*:*:*:*:*:*:*
Matching versions
IBM » Watson Cp4d Data Stores » Version: 4.6.2
cpe:2.3:a:ibm:watson_cp4d_data_stores:4.6.2:*:*:*:*:*:*:*
Matching versions
IBM » Watson Cp4d Data Stores » Version: 4.6.3
cpe:2.3:a:ibm:watson_cp4d_data_stores:4.6.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-27291

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-27291

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST	2024-12-23
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
4.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N	0.9	3.6	IBM Corporation	2024-03-03
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-27291

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

Assigned by: psirt@us.ibm.com (Primary)
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Assigned by: psirt@us.ibm.com (Secondary)

References for CVE-2023-27291

https://www.ibm.com/support/pages/node/6965458

Security Bulletin: Security Bulletin: Watson CP4D Data Stores for Cloud Pak for Data does not encypt sensitive information before storage or transmission (CVE-2023-27291)
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/248740

IBM Watson CP4D Data Stores information disclosure CVE-2023-27291 Vulnerability Report
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-27291

Products affected by CVE-2023-27291

Exploit prediction scoring system (EPSS) score for CVE-2023-27291

CVSS scores for CVE-2023-27291

CWE ids for CVE-2023-27291

References for CVE-2023-27291