PT-2023-21390 · IBM · Planning Analytics Cartridge For Cloud Pak For Data
Published: 2023-07-19 · Updated: 2023-07-28 · CVE-2023-27877
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Planning Analytics Cartridge for Cloud Pak for Data version 4.0
Description
The issue concerns an insecure password policy in the CouchDB server connected to IBM Planning Analytics Cartridge for Cloud Pak for Data. This allows an attacker to exploit the policy and collect sensitive information from the database.
Recommendations
For IBM Planning Analytics Cartridge for Cloud Pak for Data version 4.0, consider implementing a secure password policy for the CouchDB server to prevent exploitation. As a temporary workaround, restrict access to the CouchDB server to minimize the risk of sensitive information collection.
Fix
Improper Authentication
Information Disclosure
Related identifiers
Affected products
Planning Analytics Cartridge For Cloud Pak For Data