Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-30744 |
CWE-ID | CWE-306 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Watson CP4D Data Stores Other software / Other software solutions |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU87307
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-30744
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify data on the system.
The vulnerability exists due to excessive data output by the application. A remote attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication.
MitigationInstall update from vendor's website.
Vulnerable software versionsWatson CP4D Data Stores: before 4.7.0
External linkshttp://www.ibm.com/support/pages/node/7010049
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.