Data Manipulation Vulnerability in Watson CP4D Data Stores
CVE-2023-28512

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Watson Cp4d Data Stores
Vendor: CVE Published:; 3 March 2024

What is CVE-2023-28512?

IBM Watson CP4D Data Stores versions 4.6.0, 4.6.1, and 4.6.2 are prone to a vulnerability that could allow malicious actors, who possess specific insights about the system, to manipulate data. This issue stems from improper input validation, enabling unauthorized data alteration. Users and administrators of these affected versions should assess their systems and implement necessary measures to mitigate the risks associated with this vulnerability. For more information and guidance, reference IBM's official advisory.

Affected Version(s)

Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2

References

https://www.ibm.com/support/pages/node/6965456

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/250396

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2024
Vulnerability Reserved
Mar 16, 2023