Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-0842 |
CWE-ID | CWE-1321 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Cloud Pak for Data Client/Desktop applications / Other client software |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU75603
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0842
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. A remote unauthenticated attacker can edit or add new properties to an object to execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Data: before 4.8.5
External linkshttp://www.ibm.com/support/pages/node/7164104
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.