How severe is CVE-2023-38367?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-38367?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2023-38367

MEDIUM Year: 2023

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-287

View all →

Vulnerability Description

IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.

CVE-2009-1596

MEDIUM

CVSS:6.5(Medium)

Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intende...

CWE-2872009

CVE-2012-1258

MEDIUM

CVSS:6.5(Medium)

cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with adminis...

CWE-2872012

CVE-2015-4987

MEDIUM

CVSS:6.5(Medium)

The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896.

CWE-2872015

CVE-2015-5298

MEDIUM

CVSS:6.5(Medium)

The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps d...

CWE-2872015