CVE-2023-27557 - OpenCVE

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Safer Payments

Configuration 1 [-]

OR	cpe:2.3:a:ibm:safer_payments::::::::
	cpe:2.3:a:ibm:safer_payments::::::::
	cpe:2.3:a:ibm:safer_payments::::::::
	cpe:2.3:a:ibm:safer_payments::::::::
	cpe:2.3:a:ibm:safer_payments:6.5.0.00:::::::*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/249192	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6985603	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2023-04-28T01:35:26.863Z

Updated: 2023-04-28T01:35:26.863Z

Reserved: 2023-03-02T20:39:33.983Z

Link: CVE-2023-27557

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-04-28T02:15:08.910

Modified: 2023-05-05T17:22:40.030

Link: CVE-2023-27557

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-27557", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-03-02T20:39:33.983Z", "datePublished": "2023-04-28T01:35:26.863Z", "dateUpdated": "2023-04-28T01:35:26.863Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Safer Payments", "vendor": "IBM", "versions": [{"lessThanOrEqual": "6.1.1.02", "status": "affected", "version": "6.1.0.00", "versionType": "semver"}, {"lessThanOrEqual": "6.2.2.02", "status": "affected", "version": "6.2.0.00", "versionType": "semver"}, {"lessThanOrEqual": "6.3.1.02", "status": "affected", "version": "6.3.0.00", "versionType": "semver"}, {"lessThanOrEqual": "6.4.2.01", "status": "affected", "version": "6.4.0.00", "versionType": "semver"}, {"status": "affected", "version": "6.5.0.00"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192."}], "value": "IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2023-04-28T01:35:26.863Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/6985603"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249192"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Safter Payments information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:safer_payments:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3EAC9-EF52-41AC-A784-F8AA19D97C3C", "versionEndExcluding": "6.1.1.03", "versionStartIncluding": "6.1.0.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:safer_payments:*:*:*:*:*:*:*:*", "matchCriteriaId": "47F2E960-5FB2-4A7C-A8E3-D89E7C390D6A", "versionEndExcluding": "6.2.2.03", "versionStartIncluding": "6.2.0.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:safer_payments:*:*:*:*:*:*:*:*", "matchCriteriaId": "88AA28EC-168B-4228-84F5-D4060EC65308", "versionEndExcluding": "6.3.1.03", "versionStartIncluding": "6.3.0.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:safer_payments:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BD2F86A-17C0-4B3A-943E-F8DBD44A5141", "versionEndExcluding": "6.4.2.02", "versionStartIncluding": "6.4.0.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:safer_payments:6.5.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "727697D8-022F-4C78-8BD2-27548DA1F70D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192."}], "id": "CVE-2023-27557", "lastModified": "2023-05-05T17:22:40.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2023-04-28T02:15:08.910", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249192"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6985603"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}