Improper privilege management in IBM Watson Discovery Cartridge for IBM Cloud Pak for Data
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-22946 |
| CWE-ID | CWE-269 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
IBM Watson Discovery for IBM Cloud Pak for Data Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Improper Privilege Management
EUVDB-ID: #VU78721
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-22946
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management. A local user can send specially crafted configuration-related classes on the classpath and exploit this vulnerability to execute arbitrary code with the privileges of the submitting user.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Watson Discovery for IBM Cloud Pak for Data: before 4.7.0
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7002185
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
