Log File Vulnerability Could Allow Local User Access to Sensitive Information
CVE-2023-40694

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Watson Cp4d Data Stores
Vendor: CVE Published:; 7 May 2024

Summary

The IBM Watson CP4D Data Stores from version 4.0.0 to 4.8.4 exhibit a vulnerability where potentially sensitive data is stored in log files. This issue presents a risk as local users could easily access these logs, leading to unauthorized data disclosure. Safeguarding log files and ensuring proper access controls are essential to mitigate this susceptibility. Organizations utilizing impacted versions must take immediate action to enhance their security posture and protect sensitive information.

Affected Version(s)

Watson CP4D Data Stores 4.0.0 <= 4.8.4

References

https://www.ibm.com/support/pages/node/7150286

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/264838

vdb-entry

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Aug 18, 2023