CVE-2023-38367

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 29, 2024

Summary

CVE-2023-38367 is a vulnerability affecting the Identity Provider API in IBM Cloud Pak Foundational Services. Versions 18.0.0 through 22.0.2 of IBM Cloud Pak for Automation are susceptible to this issue. An attacker with an invalid token can perform CRUD (Create, Read, Update, Delete) operations on IdP configurations, potentially leading to unauthorized access, modification, or deletion. This vulnerability, identified as IBM X-Force ID 261130, poses a significant risk to the security of affected IBM Cloud Pak installations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sAd3CO
https://www.cve.org/CVERecord?id=CVE-2023-38367
https://nvd.nist.gov/vuln/detail/CVE-2023-38367

Back to Vulnerability Database

CVE-2023-38367

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations