CVE-2023-28512

Published: Mar 3, 2024Modified: Jan 29, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396.

Affected (3)

Products: Ibm: Watson Cp4d Data Stores

Ibm

1 product

Watson Cp4d Data Stores

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Watson Cp4d Data Stores	Version 4.6.0
Ibm Watson Cp4d Data Stores	Version 4.6.1
Ibm Watson Cp4d Data Stores	Version 4.6.2

Related CWEs

CWE-472

External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/250396

Source: psirt@us.ibm.com

VDB Entry

https://www.ibm.com/support/pages/node/6965456

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/250396

Source: af854a3a-2127-422b-91ae-364da2661108

VDB Entry

https://www.ibm.com/support/pages/node/6965456

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.