CVE-2023-47742

EUVD-2023-51840
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances.  IBM X-Force ID:  272533.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
ibmCNA
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
ibmcloud_pak_for_security
1.10.0.0 ≤
𝑥
≤ 1.10.11.0
ibmqradar_suite
1.10.12.0 ≤
𝑥
≤ 1.10.18.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/272533
https://www.ibm.com/support/pages/node/7129328
https://exchange.xforce.ibmcloud.com/vulnerabilities/272533
https://www.ibm.com/support/pages/node/7129328