CVE-2023-27291

MEDIUM

IBM Watson CP4D Data Stores <4.6.3 - Info Disclosure

Title source: llm

Description

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.

References (2)

[Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/248740

[Vendor Advisory] https://www.ibm.com/support/pages/node/6965458

Scores

CVSS v3 4.5

EPSS 0.0003

EPSS Percentile 8.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (4)

ibm/watson_cp4d_data_stores 4.6.0

ibm/watson_cp4d_data_stores 4.6.1

ibm/watson_cp4d_data_stores 4.6.2

ibm/watson_cp4d_data_stores 4.6.3

Published Mar 03, 2024

Tracked Since Feb 18, 2026