CVE-2023-38367 (GCVE-0-2023-38367)
Vulnerability from cvelistv5 – Published: 2024-02-29 02:13 – Updated: 2025-03-27 14:58
VLAI?
Title
IBM Cloud Pak for Automation authentication bypass
Summary
IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.
Severity ?
6.5 (Medium)
CWE
- CVE-287 Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cloud Pak for Automation |
Affected:
18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.2:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:22.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_automation:22.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cloud_pak_for_automation",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "18.0.0"
},
{
"status": "affected",
"version": "18.0.1"
},
{
"status": "affected",
"version": "18.0.2"
},
{
"status": "affected",
"version": "19.0.1"
},
{
"status": "affected",
"version": "19.0.2"
},
{
"status": "affected",
"version": "19.0.3"
},
{
"status": "affected",
"version": "20.0.1"
},
{
"status": "affected",
"version": "20.0.2"
},
{
"status": "affected",
"version": "20.0.3"
},
{
"status": "affected",
"version": "21.0.1"
},
{
"status": "affected",
"version": "21.0.2"
},
{
"status": "affected",
"version": "21.0.3"
},
{
"status": "affected",
"version": "22.0.1"
},
{
"status": "affected",
"version": "22.0.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T16:19:47.030118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:58:22.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7015271"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud Pak for Automation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130."
}
],
"value": "IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVE-287 Improper Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-29T02:13:16.103Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7015271"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261130"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cloud Pak for Automation authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38367",
"datePublished": "2024-02-29T02:13:16.103Z",
"dateReserved": "2023-07-16T00:53:13.214Z",
"dateUpdated": "2025-03-27T14:58:22.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-38367\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-02-29T02:15:09.120\",\"lastModified\":\"2025-03-27T15:15:46.923\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.\"},{\"lang\":\"es\",\"value\":\"BM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) permite operaciones CRUD con un token no v\u00e1lido. Esto podr\u00eda permitir que un atacante no autenticado vea, actualice, elimine o cree una configuraci\u00f3n de IdP. ID de IBM X-Force: 261130.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D419EF8-4D41-4FBE-A41B-9F9EAF7F72EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C27956AA-CCEE-4073-A8D7-D1B9575EE25C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A70646-ADD3-4CF7-A591-8BE96FBEF5A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF6CB2C4-800F-487A-B0E5-8A0A9718549D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52711AA-0F11-47E7-8EE8-6B8D65403F8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE2C6F84-C83F-4AE1-B0A7-740568F52C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC8A641D-B7AB-41FA-AFDB-2C8EBDA6A1A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"250AC4D5-1D25-4EEE-B1CA-AA8E104BBF7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C5B7FA4-A27C-40CA-AA53-183909D18C13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF7E2601-47E6-4111-9DE0-C3C01705884A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_001:*:*:*:*:*:*\",\"matchCriteriaId\":\"AECC2FB4-0D29-45DB-AB55-B6C6C6A8BB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_002:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8F5E495-92A5-419D-884B-C82D6AA5B56B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_003:*:*:*:*:*:*\",\"matchCriteriaId\":\"508939AF-58FC-4E12-B4E2-B11865B603F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_004:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B419DE-4597-4A33-861D-5530BDA9E679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_005:*:*:*:*:*:*\",\"matchCriteriaId\":\"00EE653A-0EAD-489B-9610-6BEE3295AAEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_006:*:*:*:*:*:*\",\"matchCriteriaId\":\"06B644E7-7EB2-4AB6-9D30-EA0602373FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_007:*:*:*:*:*:*\",\"matchCriteriaId\":\"838846CB-8436-40D1-9C3B-FBA2426351E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA799229-3577-409F-BFCC-0ABA541EA710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_001:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EB47B7D-C408-4ED1-9D98-8BF77FFEF8AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_0012:*:*:*:*:*:*\",\"matchCriteriaId\":\"02D22CC4-3541-4BAA-8B45-FEB41F2E1697\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_002:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8859A71-36FD-4E83-B8C6-BEEF772AB084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_003:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAEF9352-EDCB-4D16-B3F9-11962D3E9F50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_004:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5C8892F-A803-4E3F-8992-5011B2E73C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_005:*:*:*:*:*:*\",\"matchCriteriaId\":\"4890680E-8D82-46DB-9346-3C26D8C9F7A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_006:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F11DDE3-29C4-4CC4-AF73-DF7CCC73D5FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_007:*:*:*:*:*:*\",\"matchCriteriaId\":\"358590C1-6CAF-4FA7-9975-C9DD41242B1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_008:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C2A88F1-55B3-43A9-8051-71C467A6712F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_009:*:*:*:*:*:*\",\"matchCriteriaId\":\"E06C0789-2CC4-4D57-87D0-C0FAB9DB1B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_010:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B207F2D-B5F2-4B0C-863A-AD1620633A23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_011:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E3468FC-CB4C-4EFE-A1ED-46F780ABB703\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_012:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26A78C9-525C-43B3-88FF-9A6AC62A6C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8D6EB68-3804-494D-B12A-2E96E31D1B1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_001:*:*:*:*:*:*\",\"matchCriteriaId\":\"21D8DE68-5651-4068-B978-79B28F2DC5D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_002:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBEA972A-A41E-44C9-8D35-1A991D3384B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_003:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3009F4E-7157-43D3-B6A0-2531CDE619BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_004:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA97C23-9B80-4956-9873-317902A0D804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_005:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D0B6203-C775-4C5E-BAE9-C956E718F261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_006:*:*:*:*:*:*\",\"matchCriteriaId\":\"257A7A17-7EDF-4E23-88A6-216BC29EC467\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_007:*:*:*:*:*:*\",\"matchCriteriaId\":\"26FF217B-1BD4-46E5-8023-2B2989FF7868\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_008:*:*:*:*:*:*\",\"matchCriteriaId\":\"C60E58EA-C4D5-4D4D-8C9B-3EC33A7027E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_009:*:*:*:*:*:*\",\"matchCriteriaId\":\"7817670E-5649-42A9-B5F9-7586D7AEB4CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_010:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC7F85E8-8185-418A-B25F-8E64A58177DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_011:*:*:*:*:*:*\",\"matchCriteriaId\":\"37616DCD-C26C-44EA-AA7F-732DC128FFE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_012:*:*:*:*:*:*\",\"matchCriteriaId\":\"26CAC076-6FED-49E2-BF33-230F1D1195F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_013:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A88C56C-22CC-4791-BB33-C1494E7F41EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_014:*:*:*:*:*:*\",\"matchCriteriaId\":\"12652B2E-307E-4568-920B-A869914ED650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_015:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F4E242F-BDF4-4CFE-B808-4A4B7A6FAD0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_016:*:*:*:*:*:*\",\"matchCriteriaId\":\"88E736CF-CA6E-400B-9AE3-2C58D2265752\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_017:*:*:*:*:*:*\",\"matchCriteriaId\":\"02488B2F-8D6E-4BDC-8DA9-45F5EBC42049\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_018:*:*:*:*:*:*\",\"matchCriteriaId\":\"854F4AF8-B712-446E-9DE1-A2496D5E9C1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_019:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF3F1B62-089B-41ED-AD3E-F31F8E967F18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_020:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB843C3-F26D-43A5-AD3E-9D30D00339D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_021:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A67A28-CBF1-4C37-A217-F4789ED1850E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_022:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFEF1033-B100-400A-9B2B-94AEE3A7B94A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22E2017-86A6-4CD1-8192-7A5DF0A1D818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_001:*:*:*:*:*:*\",\"matchCriteriaId\":\"31BC7CBD-C728-481C-AC5F-110FD7799B6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_002:*:*:*:*:*:*\",\"matchCriteriaId\":\"49793CE0-A419-4937-89B4-B6A8F0E22C0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_003:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7ABFE27-D890-4AF4-8686-296F4DB90F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_004:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE746B2B-EECA-4332-9A24-8EF23BDA1B52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_005:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE539C9-6AF2-4B02-8916-2AC7D4A93C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_006:*:*:*:*:*:*\",\"matchCriteriaId\":\"72743164-5279-4FB6-86EE-EBE5B8CD6D1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"517C5EDE-5104-4E22-B9C6-64DFBA7650C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_001:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A81368D-744B-4886-96C7-1755A27C0AAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_002:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B823170-57D5-4329-B41A-6C347982E00B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_003:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAE375C3-E995-415F-A349-A45998764910\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_004:*:*:*:*:*:*\",\"matchCriteriaId\":\"A402E881-759D-4B59-985D-4DDA49327147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_005:*:*:*:*:*:*\",\"matchCriteriaId\":\"939B5364-0CF8-480A-B15A-B1FD9D9560EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_006:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD80442-5DB1-44AC-B4FC-6EDF4162586B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"684E6AB2-84C1-4700-B519-88D0C7D8D3CB\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/261130\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7015271\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/261130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7015271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7015271\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/261130\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:39:12.997Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-38367\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-01T16:19:47.030118Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.2:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:22.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cloud_pak_for_automation:22.0.2:*:*:*:*:*:*:*\"], \"vendor\": \"ibm\", \"product\": \"cloud_pak_for_automation\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.0.0\"}, {\"status\": \"affected\", \"version\": \"18.0.1\"}, {\"status\": \"affected\", \"version\": \"18.0.2\"}, {\"status\": \"affected\", \"version\": \"19.0.1\"}, {\"status\": \"affected\", \"version\": \"19.0.2\"}, {\"status\": \"affected\", \"version\": \"19.0.3\"}, {\"status\": \"affected\", \"version\": \"20.0.1\"}, {\"status\": \"affected\", \"version\": \"20.0.2\"}, {\"status\": \"affected\", \"version\": \"20.0.3\"}, {\"status\": \"affected\", \"version\": \"21.0.1\"}, {\"status\": \"affected\", \"version\": \"21.0.2\"}, {\"status\": \"affected\", \"version\": \"21.0.3\"}, {\"status\": \"affected\", \"version\": \"22.0.1\"}, {\"status\": \"affected\", \"version\": \"22.0.2\"}], \"defaultStatus\": \"unaffected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-12T22:27:26.984Z\"}}], \"cna\": {\"title\": \"IBM Cloud Pak for Automation authentication bypass\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"IBM\", \"product\": \"Cloud Pak for Automation\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7015271\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/261130\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CVE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-02-29T02:13:16.103Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-38367\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-27T14:58:22.035Z\", \"dateReserved\": \"2023-07-16T00:53:13.214Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2024-02-29T02:13:16.103Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…