Sign-up

ID

VAR-202305-1185


CVE

CVE-2023-25927


TITLE

IBM  of  Security Verify Access  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-011092

DESCRIPTION

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. IBM of Security Verify Access Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

Trust: 2.25

sources: NVD: CVE-2023-25927 // JVNDB: JVNDB-2023-011092 // CNNVD: CNNVD-202305-1284 // VULMON: CVE-2023-25927

AFFECTED PRODUCTS

vendor:ibmmodel:security verify accessscope:eqversion:10.0.5

Trust: 1.8

vendor:ibmmodel:security verify accessscope:eqversion:10.0.0

Trust: 1.8

vendor:ibmmodel:security verify accessscope:eqversion:10.0.4

Trust: 1.8

vendor:ibmmodel:security verify accessscope:eqversion:10.0.1

Trust: 1.8

vendor:ibmmodel:security verify accessscope:eqversion:10.0.3

Trust: 1.8

vendor:ibmmodel:security verify accessscope:eqversion:10.0.2

Trust: 1.8

vendor:ibmmodel:security verify accessscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-011092 // NVD: CVE-2023-25927

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-25927
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202305-1284
value: HIGH

Trust: 0.6

NVD: CVE-2023-25927
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-25927
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-011092 // CNNVD: CNNVD-202305-1284 // NVD: CVE-2023-25927

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-011092 // NVD: CVE-2023-25927

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-1284

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202305-1284

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-25927

PATCH
title:6989653 IBM X-Force Exchangeurl:https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719
Trust: 0.8
title:IBM Security Verify Access Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=238860
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2023-011092 // 
            
            
            
            CNNVD: CNNVD-202305-1284

EXTERNAL IDS
db:NVDid:CVE-2023-25927
Trust: 3.3
db:JVNDBid:JVNDB-2023-011092
Trust: 0.8
db:CNNVDid:CNNVD-202305-1284
Trust: 0.6
db:VULMONid:CVE-2023-25927
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-25927 // 
            
            
            
            JVNDB: JVNDB-2023-011092 // 
            
            
            
            CNNVD: CNNVD-202305-1284 // 
            
            
            
            NVD: CVE-2023-25927

REFERENCES
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/247635
Trust: 1.7
url:https://www.ibm.com/support/pages/node/6989653?_ga=2.22490043.1644592052.1684753176-785517468.1677620719
Trust: 1.6
url:https://https://www.ibm.com/support/pages/node/6989653
Trust: 1.1
url:https://nvd.nist.gov/vuln/detail/cve-2023-25927
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-25927/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-25927 // 
            
            
            
            JVNDB: JVNDB-2023-011092 // 
            
            
            
            CNNVD: CNNVD-202305-1284 // 
            
            
            
            NVD: CVE-2023-25927

SOURCES
db:VULMONid:CVE-2023-25927
db:JVNDBid:JVNDB-2023-011092
db:CNNVDid:CNNVD-202305-1284
db:NVDid:CVE-2023-25927

LAST UPDATE DATE
2023-12-13T22:33:42.689000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-25927date:2023-05-15T00:00:00
db:JVNDBid:JVNDB-2023-011092date:2023-12-12T05:54:00
db:CNNVDid:CNNVD-202305-1284date:2023-05-25T00:00:00
db:NVDid:CVE-2023-25927date:2023-05-24T16:35:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-25927date:2023-05-12T00:00:00
db:JVNDBid:JVNDB-2023-011092date:2023-12-12T00:00:00
db:CNNVDid:CNNVD-202305-1284date:2023-05-12T00:00:00
db:NVDid:CVE-2023-25927date:2023-05-12T18:15:00