SB2024030838 - Missing authentication for critical function in Watson CP4D Data Stores




Published: March 8, 2024

Security Bulletin ID: SB2024030838
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2023-30744)

The vulnerability allows a remote attacker to modify data on the system.

The vulnerability exists due to excessive data output by the application. A remote attacker can attach to an open interface and use an open naming and directory API to instantiate an object whose methods can be called without further authorization and authentication.


Remediation

Install the update from the vendor's website.