#VU85584 Storing passwords in a recoverable format in IBM OpenPages with Watson - CVE-2023-38738

Cybersecurity Help s.r.o.

Published: 2024-01-19

Vulnerability identifier: #VU85584

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-38738

CWE-ID: CWE-257

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM OpenPages with Watson
Other software / Other software solutions

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to weaker than expected security in a OpenPages environment using Native authentication. A remote user with access to the OpenPages database could through a series of specially crafted steps exploit this weakness and gain unauthorized access to other OpenPages accounts.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM OpenPages with Watson: before 8.3.0.2.7

External links
https://www.ibm.com/support/pages/node/7107775
https://exchange.xforce.ibmcloud.com/vulnerabilities/262594

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Storing passwords in a recoverable format in IBM OpenPages