CVE-2023-50959

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-497
View all →

Vulnerability Description

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.

Related Vulnerabilities

CVE-2021-0291

MEDIUM
CVSS:6.5(Medium)

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthen...

CWE-4972021

CVE-2022-2403

MEDIUM
CVSS:6.5(Medium)

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to an...

CWE-4972022

CVE-2022-4968

MEDIUM
CVSS:6.5(Medium)

netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.

CWE-4972022

CVE-2023-20111

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due t...

CWE-4972023

CVE-2023-23472

MEDIUM
CVSS:6.5(Medium)

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

CWE-4972023

CVE-2023-4605

MEDIUM
CVSS:6.5(Medium)

A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.

CWE-4972023