CVE-2023-27291

{"id": "CVE-2023-27291", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-03-03T16:15:49.777", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248740", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6965458", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248740", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6965458", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740."}, {"lang": "es", "value": "IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2 y 4.6.3 no cifra informaci\u00f3n confidencial o cr\u00edtica antes del almacenamiento o la transmisi\u00f3n, lo que podr\u00eda permitir a un atacante obtener informaci\u00f3n confidencial. ID de IBM X-Force: 248740."}], "lastModified": "2024-12-23T17:58:44.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:watson_cp4d_data_stores:4.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB39864D-8BF1-440E-96C8-7AA7E7661A63"}, {"criteria": "cpe:2.3:a:ibm:watson_cp4d_data_stores:4.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90AFB6A0-A47D-4224-8C92-66573923CFA7"}, {"criteria": "cpe:2.3:a:ibm:watson_cp4d_data_stores:4.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1AB0B82-5FBB-4113-AEDF-593A70DACF6F"}, {"criteria": "cpe:2.3:a:ibm:watson_cp4d_data_stores:4.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B2F4E57-D265-4213-9D89-9A04F0AAE1CE"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}