CVE-2023-23472

Published: Dec 11, 2024Modified: Mar 11, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

Affected (1)

Products: Ibm: Infosphere Information Server

Ibm

1 product

Infosphere Information Server

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Infosphere Information Server	Version 11.7

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (1)

https://www.ibm.com/support/pages/node/6988167

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.