CVE-2023-23469

MEDIUM

IBM ICP4A - Automation Decision Services <22.0.2 - Info Disclosure

Title source: llm

Description

IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://www.ibm.com/support/pages/node/6857999

Broken Link vdb-entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/244504

Scores

CVSS v3 4.0

EPSS 0.0005

EPSS Percentile 16.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-525

Status published

Products (5)

ibm/cloud_pak_for_business_automation 21.0.1 (8 CPE variants)

ibm/cloud_pak_for_business_automation 21.0.2 (11 CPE variants)

ibm/cloud_pak_for_business_automation 21.0.3 (9 CPE variants)

ibm/cloud_pak_for_business_automation 22.0.2

ibm/cloud_pak_for_business_automation 18.0.0 - 20.0.3

Published Feb 01, 2023

Tracked Since Feb 18, 2026