Improper access control in Cloud Pak Foundational Services - CVE-2023-38367

Published: July 31, 2023

Vulnerability identifier: #VU78760
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-38367
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Cloud Pak Foundational Services
Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the IBM Cloud Pak Foundational Services Identity Provider (IdP) API allows CRUD operations with an invalid token. A remote attacker can bypass the implemented security restrictions to view, update, delete or create an IdP configuration.

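The weakness described above (CWE-284) is a CRUD endpoint that treats the mere presence of a token as authorization. The following is an added example, not IBM's code and not a reproduction of the Cloud Pak Foundational Services API: it models an IdP-configuration store behind two interchangeable token checks. `weak_authorize` only checks that a token-shaped string was supplied, which is the pattern the advisory describes; `strict_authorize` verifies an HMAC signature over the token payload and its expiry before any create, read, update or delete is allowed. The token format (`subject.expiry.hexsig`), the `SERVER_KEY` value and the `IdpConfigStore` class are all constructed for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret; this value is constructed for the demo only.
SERVER_KEY = b"constructed-demo-key"


def issue_token(subject: str, ttl_seconds: int = 3600, now=None) -> str:
    """Issue a toy token of the form '<subject>.<expiry>.<hex hmac>'."""
    now = time.time() if now is None else now
    expiry = int(now + ttl_seconds)
    payload = f"{subject}.{expiry}"
    sig = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def weak_authorize(token: str, now=None) -> bool:
    """Vulnerable pattern: accepts anything that merely looks like a token."""
    return bool(token) and token.count(".") == 2


def strict_authorize(token: str, now=None) -> bool:
    """Hardened check: well-formed, unexpired, and signature verified."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False
    subject, expiry, sig = parts
    if not subject or not expiry.isdigit() or int(expiry) <= now:
        return False
    expected = hmac.new(SERVER_KEY, f"{subject}.{expiry}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check leaks nothing about the expected signature.
    return hmac.compare_digest(expected, sig)


class IdpConfigStore:
    """In-memory IdP configuration store; every operation passes the token gate first."""

    def __init__(self, authorize):
        self._authorize = authorize  # either weak_authorize or strict_authorize
        self._configs = {}

    def _gate(self, token, now=None):
        if not self._authorize(token, now):
            raise PermissionError("invalid or expired token")

    def create(self, token, name, settings, now=None):
        self._gate(token, now)
        self._configs[name] = dict(settings)
        return name

    def read(self, token, name, now=None):
        self._gate(token, now)
        return self._configs.get(name)

    def update(self, token, name, settings, now=None):
        self._gate(token, now)
        self._configs[name].update(settings)
        return self._configs[name]

    def delete(self, token, name, now=None):
        self._gate(token, now)
        return self._configs.pop(name, None) is not None


def forged_token_accepted(authorize) -> bool:
    """True if a token with a made-up signature gets through the given check."""
    forged = "attacker.9999999999.deadbeef"
    store = IdpConfigStore(authorize)
    try:
        store.create(forged, "corp-saml", {"issuer": "https://idp.example.invalid"})
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    print("weak check lets forged token through:", forged_token_accepted(weak_authorize))
    print("strict check lets forged token through:", forged_token_accepted(strict_authorize))
```

The point of the split is that the gate sits in front of all four operations, so a single wrong predicate (`weak_authorize`) exposes the whole IdP configuration surface, exactly the scope the advisory lists. A fix is confined to the predicate; the CRUD code itself does not change.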
Remediation

Install updates from the vendor's website.

External links