Local User Access to Unauthorized Projects
CVE-2023-35022

3.3LOW

Key Information:

Vendor: IBM
Status: Infosphere Information Server
Vendor: CVE Published:; 30 June 2024

Summary

IBM InfoSphere Information Server 11.7 is susceptible to a vulnerability that may enable a local user to modify projects beyond their authorized access levels. This flaw compromises access control mechanisms, creating potential risks for data integrity and security. Proper configurations and security measures are essential to mitigate unauthorized project updates by users lacking permissions.

Affected Version(s)

InfoSphere Information Server 11.7

References

https://www.ibm.com/support/pages/node/7158447

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/258254

vdb-entry

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 30, 2024
Vulnerability Reserved
Jun 11, 2023