CVE-2023-50328

Published: Feb 2, 2024Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.

Affected (3)

Products: Ibm: Powersc

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Powersc	Version 1.3
Ibm Powersc	Version 2.0
Ibm Powersc	Version 2.1

Related CWEs

Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/275110

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/7113759

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/275110

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/7113759

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.