Missing authentication for critical function in Watson CP4D Data Stores



Published: 2024-03-08
Risk: High
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-30744
CWE-ID: CWE-306
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Watson CP4D Data Stores
Other software / Other software solutions

Vendor: IBM Corporation

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Missing Authentication for Critical Function

EUVDB-ID: #VU87307

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30744

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to modify data on the system.

The vulnerability exists due to excessive data output by the application. A remote attacker can attach to an open interface and use an open naming and directory API to instantiate an object whose methods can be called without further authorization and authentication.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 4.7.0

External links

http://www.ibm.com/support/pages/node/7010049


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


