{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47727", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-11-09T11:31:22.401Z", "datePublished": "2024-05-02T14:43:57.748Z", "dateUpdated": "2024-06-04T17:26:38.542Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cloud Pak for Security", "vendor": "IBM", "versions": [{"lessThanOrEqual": "1.10.11.0", "status": "affected", "version": "1.10.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "QRadar Suite Software", "vendor": "IBM", "versions": [{"lessThanOrEqual": "1.10.20.0", "status": "affected", "version": "1.10.12.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Vincent Dragnea"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089."}], "value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-02T14:43:57.748Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7149968"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM QRadar Suite Software file manipulation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47727", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T17:29:07.533265Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "cloud_pak_for_security", "versions": [{"status": "affected", "version": "1.10.0.0", "versionType": "custom", "lessThanOrEqual": "1.10.11.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "qradar_suite", "versions": [{"status": "affected", "version": "1.10.12.0", "versionType": "custom", "lessThanOrEqual": "1.10.20.0 "}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:38.542Z"}}]}}

{"descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089."}, {"lang": "es", "value": "IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 e IBM QRadar Suite Software 1.10.12.0 a 1.10.20.0 podr\u00edan permitir a un usuario autenticado modificar los par\u00e1metros del panel debido a una validaci\u00f3n de entrada incorrecta. ID de IBM X-Force: 272089."}], "id": "CVE-2023-47727", "lastModified": "2024-05-02T18:00:37.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2024-05-02T15:15:06.680", "references": [{"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"}, {"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7149968"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}