IBM Watson CP4D Data Stores Vulnerability: Sensitive Information at Risk
CVE-2023-27291

7.5HIGH

Key Information:

Vendor: IBM
Status: Watson Cp4d Data Stores
Vendor: CVE Published:; 3 March 2024

What is CVE-2023-27291?

IBM Watson CP4D Data Stores versions 4.6.0 through 4.6.3 lack proper encryption mechanisms for storing and transmitting sensitive or critical information. This vulnerability exposes data to potential interception by unauthorized parties, thereby compromising the confidentiality of critical business information. Organizations using these versions must implement additional security measures to safeguard sensitive data from unauthorized access.

Affected Version(s)

Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, 4.6.3

References

https://www.ibm.com/support/pages/node/6965458

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/248740

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2024
Vulnerability Reserved
Feb 27, 2023