CVE-2023-47742

Published Mar 3, 2024

Last updated 5 months ago

CVSS medium 5.9

Overview

Description: IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533.
Source: psirt@us.ibm.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

psirt@us.ibm.com: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FA89838-3E05-4778-9323-DE51CC10FD18",
            "versionEndIncluding": "1.10.11.0",
            "versionStartIncluding": "1.10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDAE0504-D072-446E-AF1D-D86C300A64F4",
            "versionEndIncluding": "1.10.18.0",
            "versionStartIncluding": "1.10.12.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References