CVE-2023-5676 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-5676 PUBLISHED CVSS 8.699999809265137 HIGH

In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, einen Cross-Site-Scripting-Angriff durchzuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich.

EPSS 0.04% · 11.8th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.04%

11.8th percentile

Affected Products

Vendor	Product	Versions
IBM	IBM FlashSystem
IBM	IBM MQ 9.0 LTS
IBM	IBM MQ Operator v3.1.0 CD
IBM	IBM DataPower Gateway <10.5.4
IBM	IBM MQ 9.1 LTS
IBM	IBM App Connect Enterprise
IBM	IBM Storwize
IBM	IBM Business Automation Workflow
IBM	IBM QRadar SIEM <7.5.0 UP8
IBM	IBM DataPower Gateway <10.6.2
IBM	IBM DataPower Gateway <10.6.0.3
SUSE	SUSE Linux
IBM	IBM MQ Operator v2.4.8
IBM	IBM Rational Build Forge <8.0.0.26
IBM	IBM DataPower Gateway <10.5.0.15
IBM	IBM MQ Operator v2.0.19 LTS
IBM	IBM DB2
IBM	IBM App Connect Enterprise <=11.0.0.25
IBM	IBM Power Hardware Management Console V10
IBM	IBM DataPower Gateway <10.5.0.10

…and 8 more

Timeline

Jan 20, 1970 Fix PR Merged
Nov 15, 2023 CVE Published
Nov 16, 2023 EPSS Score
Dec 16, 2023 EPSS Score
Jan 14, 2024 EPSS Score
Feb 13, 2024 EPSS Score
Mar 13, 2024 EPSS Score
Apr 12, 2024 EPSS Score
May 12, 2024 EPSS Score
Jun 10, 2024 EPSS Score
Jul 10, 2024 EPSS Score
Aug 9, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0769.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0769 advisory
https://www.ibm.com/support/pages/node/7145704 advisory
https://lists.suse.com/pipermail/sle-security-updates/2024-November/019796.html advisory
https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0521.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0521 advisory
https://www.ibm.com/support/pages/node/7123135 advisory
https://www.ibm.com/support/pages/node/7123136 advisory
https://www.ibm.com/support/pages/node/7123137 advisory
https://www.ibm.com/support/pages/node/7123138 advisory
https://www.ibm.com/support/pages/node/7123139 advisory
https://www.ibm.com/support/pages/node/7126571 advisory
https://www.ibm.com/support/pages/node/7129251 advisory
https://www.ibm.com/support/pages/node/7137570 advisory
https://www.ibm.com/support/pages/node/7138007 advisory
https://www.ibm.com/support/pages/node/7145367 advisory
https://www.ibm.com/support/pages/node/7145780 advisory
https://www.ibm.com/support/pages/node/7146478 advisory
https://www.ibm.com/support/pages/node/7114770 advisory
https://www.ibm.com/support/pages/node/7150144 advisory

…and 3 more

Open in Interactive Console →