IBM Tivoli Application Dependency Discovery Manager privilege escalation
CVE-2023-47142

8.8HIGH

Key Information:

Vendor: IBM
Status: Tivoli Application Dependency Discovery Manager
Vendor: CVE Published:; 2 February 2024

Summary

IBM Tivoli Application Dependency Discovery Manager versions 7.3.0.0 through 7.3.0.10 are susceptible to a vulnerability that enables attackers on the same local network to escalate their privileges. This exploitation is facilitated by unauthorized access to the application’s API, allowing adversaries to manipulate access controls and gain elevated permissions within the system. Organizations utilizing vulnerable versions should implement recommended security updates and best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

Tivoli Application Dependency Discovery Manager 7.3.0.0 <= 7.3.0.10

References

https://www.ibm.com/support/pages/node/7105139

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/270267

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Oct 31, 2023