CVE-2023-26023 MEDIUM

CVE-2023-26023: IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure

Vendor Ibm
Product Sterling Connect:Express for UNIX
Weakness CWE-532 · Sensitive info in logs
Published July 19, 2023
Last update October 21, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.

Key dates

02Disclosure timeline

July 19, 2023 CVE published
October 21, 2024 Record updated