CVE-2023-30993

Description

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected products

ibm / cloud_pak_for_security1.9.0.0 – 1.9.2.0

References

MISChttps://www.ibm.com/support/pages/node/6995221
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/254136