Sign-up

ID

VAR-202307-1849


CVE

CVE-2023-30433


TITLE

IBM Security Verify Access Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202307-1650

DESCRIPTION

IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186

Trust: 1.53

sources: NVD: CVE-2023-30433 // CNNVD: CNNVD-202307-1650 // VULMON: CVE-2023-30433

AFFECTED PRODUCTS

vendor:ibmmodel:security verify accessscope:eqversion:10.0.0

Trust: 1.0

sources: NVD: CVE-2023-30433

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-30433
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2023-30433
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202307-1650
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

psirt@us.ibm.com:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-30433 // NVD: CVE-2023-30433 // CNNVD: CNNVD-202307-1650

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.0

sources: NVD: CVE-2023-30433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202307-1650

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202307-1650

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-30433

PATCH
title:IBM Security Verify Access Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246745
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202307-1650

EXTERNAL IDS
db:NVDid:CVE-2023-30433
Trust: 1.7
db:CNNVDid:CNNVD-202307-1650
Trust: 0.6
db:VULMONid:CVE-2023-30433
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-30433 // 
            
            
            
            NVD: CVE-2023-30433 // 
            
            
            
            CNNVD: CNNVD-202307-1650

REFERENCES
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/252186
Trust: 1.7
url:https://www.ibm.com/support/pages/node/7012613
Trust: 1.7
url:https://cxsecurity.com/cveshow/cve-2023-30433/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2023-30433
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-30433 // 
            
            
            
            NVD: CVE-2023-30433 // 
            
            
            
            CNNVD: CNNVD-202307-1650

SOURCES
db:VULMONid:CVE-2023-30433
db:NVDid:CVE-2023-30433
db:CNNVDid:CNNVD-202307-1650

LAST UPDATE DATE
2023-12-18T13:36:08.494000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-30433date:2023-07-19T00:00:00
db:NVDid:CVE-2023-30433date:2023-07-28T13:57:03.003
db:CNNVDid:CNNVD-202307-1650date:2023-07-21T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-30433date:2023-07-19T00:00:00
db:NVDid:CVE-2023-30433date:2023-07-19T01:15:09.833
db:CNNVDid:CNNVD-202307-1650date:2023-07-18T00:00:00