CVE-2023-50305

CVSS v3 5.1 MEDIUM

5.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.4 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

BM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/273336	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7124058	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/273336	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7124058	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:::::::*
	cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.7:::::::*

History

21 Nov 2024, 08:36

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/273336 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/273336 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7124058 - Vendor Advisory~~	() https://www.ibm.com/support/pages/node/7124058 - Vendor Advisory

Information

Published : 2024-03-01 02:15

Updated : 2024-11-21 08:36

NVD link : CVE-2023-50305

Mitre link : CVE-2023-50305

CVE.ORG link : CVE-2023-50305

JSON object : View

Products Affected

CWE

CWE-521

Weak Password Requirements

{"id": "CVE-2023-50305", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.4}]}, "published": "2024-03-01T02:15:07.590", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336", "tags": ["VDB Entry", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.ibm.com/support/pages/node/7124058", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7124058", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336."}, {"lang": "es", "value": "IBM Engineering Requisitos Management DOORS 9.7.2.7 no requiere que los usuarios tengan contrase\u00f1as seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de los usuarios. ID de IBM X-Force: 273336."}], "lastModified": "2024-11-21T08:36:49.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE06AC34-D09F-4BD8-B115-1691D8643419"}, {"criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13ECE46A-0CFF-4199-A8B3-923077E07484"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}