cvelistv5 - CVE-2023-38268

CVE-2023-38268 (GCVE-0-2023-38268)

Vulnerability from cvelistv5

Published

2023-12-01 19:21

Modified

2024-08-02 17:39

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Summary

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.

References

URL

	Vendor	Product	Version
	IBM	InfoSphere Information Server	Version: 11.7

ghsa-8786-4x7j-x27r

Vulnerability from github

Published

2023-12-01 21:30

Modified

2023-12-01 21:30

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-38268"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-01T20:15:07Z",
    "severity": "MODERATE"
  },
  "details": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  260585.",
  "id": "GHSA-8786-4x7j-x27r",
  "modified": "2023-12-01T21:30:29Z",
  "published": "2023-12-01T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38268"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7067682"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2023-3025

Vulnerability from csaf_certbund

Published

2023-11-28 23:00

Modified

2023-12-04 23:00

Summary

IBM InfoSphere Information Server: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.

Angriff

Ein entfernter Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuführen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3025 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3025.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3025 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3025"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7637 vom 2023-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:7637"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7074335"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7074317"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070765"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070761"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070759"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070755"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067719"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067717"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067714"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067704"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067700"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067682"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067630"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067614"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM InfoSphere Information Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-04T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:02:10.203+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-3025",
      "initial_release_date": "2023-11-28T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-11-28T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM InfoSphere Information Server 11.7",
            "product": {
              "name": "IBM InfoSphere Information Server 11.7",
              "product_id": "444803",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46174",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-46174"
    },
    {
      "cve": "CVE-2023-43804",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43804"
    },
    {
      "cve": "CVE-2023-43642",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43642"
    },
    {
      "cve": "CVE-2023-43021",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43021"
    },
    {
      "cve": "CVE-2023-43015",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43015"
    },
    {
      "cve": "CVE-2023-42022",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-42022"
    },
    {
      "cve": "CVE-2023-42019",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-42019"
    },
    {
      "cve": "CVE-2023-42009",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-42009"
    },
    {
      "cve": "CVE-2023-40699",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-40699"
    },
    {
      "cve": "CVE-2023-39410",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-39410"
    },
    {
      "cve": "CVE-2023-38268",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-38268"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2022-25883",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2022-25883"
    },
    {
      "cve": "CVE-2021-23337",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2021-23337"
    },
    {
      "cve": "CVE-2020-8203",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2020-8203"
    },
    {
      "cve": "CVE-2020-28500",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2020-28500"
    }
  ]
}

WID-SEC-W-2023-3025

Vulnerability from csaf_certbund

Published

2023-11-28 23:00

Modified

2023-12-04 23:00

Summary

IBM InfoSphere Information Server: Mehrere Schwachstellen

Notes

Produktbeschreibung

IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.

Angriff

Betroffene Betriebssysteme

- UNIX - Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3025 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3025.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3025 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3025"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7637 vom 2023-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:7637"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7074335"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7074317"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070765"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070761"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070759"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070755"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067719"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067717"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067714"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067704"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067700"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067682"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067630"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067614"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM InfoSphere Information Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-04T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:02:10.203+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-3025",
      "initial_release_date": "2023-11-28T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-11-28T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM InfoSphere Information Server 11.7",
            "product": {
              "name": "IBM InfoSphere Information Server 11.7",
              "product_id": "444803",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46174",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-46174"
    },
    {
      "cve": "CVE-2023-43804",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43804"
    },
    {
      "cve": "CVE-2023-43642",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43642"
    },
    {
      "cve": "CVE-2023-43021",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43021"
    },
    {
      "cve": "CVE-2023-43015",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43015"
    },
    {
      "cve": "CVE-2023-42022",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-42022"
    },
    {
      "cve": "CVE-2023-42019",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-42019"
    },
    {
      "cve": "CVE-2023-42009",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-42009"
    },
    {
      "cve": "CVE-2023-40699",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-40699"
    },
    {
      "cve": "CVE-2023-39410",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-39410"
    },
    {
      "cve": "CVE-2023-38268",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-38268"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2022-25883",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2022-25883"
    },
    {
      "cve": "CVE-2021-23337",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2021-23337"
    },
    {
      "cve": "CVE-2020-8203",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2020-8203"
    },
    {
      "cve": "CVE-2020-28500",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2020-28500"
    }
  ]
}

gsd-2023-38268

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-38268

Aliases

CVE-2023-38268

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-38268",
    "id": "GSD-2023-38268"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-38268"
      ],
      "details": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  260585.",
      "id": "GSD-2023-38268",
      "modified": "2023-12-13T01:20:35.792331Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2023-38268",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "InfoSphere Information Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "11.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  260585."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-352",
                "lang": "eng",
                "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/7067682",
            "refsource": "MISC",
            "url": "https://www.ibm.com/support/pages/node/7067682"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.7.1.0",
                    "versionStartIncluding": "11.7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.7.1.4",
                    "versionStartIncluding": "11.7.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2023-38268"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  260585."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/7067682",
              "refsource": "",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7067682"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585",
              "refsource": "",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-12-04T18:33Z",
      "publishedDate": "2023-12-01T20:15Z"
    }
  }
}

cnvd-2023-95712

Vulnerability from cnvd

Title

IBM InfoSphere Information Server跨站请求伪造漏洞（CNVD-2023-9571298）

Description

IBM InfoSphere Information Server是美国国际商业机器（IBM）公司的一套数据整合平台。该平台可用于整合各种渠道获取的数据信息。 IBM InfoSphere Information Server存在跨站请求伪造漏洞，攻击者可利用该漏洞执行从网站信任的用户传输的恶意和未经授权的操作。

Severity

中

Patch Name

IBM InfoSphere Information Server跨站请求伪造漏洞（CNVD-2023-9571298）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/7067682

Reference

https://www.ibm.com/support/pages/node/7067682

Impacted products

Name
IBM IBM InfoSphere Information Server 11.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-38268",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-38268"
    }
  },
  "description": "IBM InfoSphere Information Server\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u6574\u5408\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u53ef\u7528\u4e8e\u6574\u5408\u5404\u79cd\u6e20\u9053\u83b7\u53d6\u7684\u6570\u636e\u4fe1\u606f\u3002\n\nIBM InfoSphere Information Server\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ece\u7f51\u7ad9\u4fe1\u4efb\u7684\u7528\u6237\u4f20\u8f93\u7684\u6076\u610f\u548c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/7067682",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-95712",
  "openTime": "2023-12-06",
  "patchDescription": "IBM InfoSphere Information Server\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u6574\u5408\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u53ef\u7528\u4e8e\u6574\u5408\u5404\u79cd\u6e20\u9053\u83b7\u53d6\u7684\u6570\u636e\u4fe1\u606f\u3002\r\n\r\nIBM InfoSphere Information Server\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ece\u7f51\u7ad9\u4fe1\u4efb\u7684\u7528\u6237\u4f20\u8f93\u7684\u6076\u610f\u548c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM InfoSphere Information Server\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2023-9571298\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "IBM IBM InfoSphere Information Server 11.7"
  },
  "referenceLink": "https://www.ibm.com/support/pages/node/7067682",
  "serverity": "\u4e2d",
  "submitTime": "2023-12-05",
  "title": "IBM InfoSphere Information Server\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2023-9571298\uff09"
}

fkie_cve-2023-38268

Vulnerability from fkie_nvd

Published

2023-12-01 20:15

Modified

2024-11-21 08:13

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/260585	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7067682	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/260585	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/7067682	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	infosphere_information_server	*
ibm	infosphere_information_server	*
ibm	aix	-
linux	linux_kernel	-
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB",
              "versionEndExcluding": "11.7.1.0",
              "versionStartIncluding": "11.7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
              "matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA",
              "versionEndExcluding": "11.7.1.4",
              "versionStartIncluding": "11.7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  260585."
    },
    {
      "lang": "es",
      "value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 260585."
    }
  ],
  "id": "CVE-2023-38268",
  "lastModified": "2024-11-21T08:13:12.910",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-01T20:15:07.083",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7067682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7067682"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-38268 (GCVE-0-2023-38268)

Vulnerability from cvelistv5

ghsa-8786-4x7j-x27r

Vulnerability from github

wid-sec-w-2023-3025

Vulnerability from csaf_certbund

WID-SEC-W-2023-3025

Vulnerability from csaf_certbund

gsd-2023-38268

Vulnerability from gsd

cnvd-2023-95712

Vulnerability from cnvd

fkie_cve-2023-38268

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature