IBM Cognos Analytics on Cloud Pak for Data improper access control
CVE-2023-28953

3.1LOW

Key Information:

Vendor: IBM
Status: Cognos Analytics Cartridge For Cloud Pak For Data
Vendor: CVE Published:; 10 July 2023

What is CVE-2023-28953?

IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465.

Affected Version(s)

Cognos Analytics Cartridge for Cloud Pak for Data 4.0

References

https://www.ibm.com/support/pages/node/7006413

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/251465

vdb-entry

https://security.netapp.com/advisory/ntap-20230814-0001/

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Mar 29, 2023