In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between February 03-04, 2024.
During this period, the National Vulnerability Database published 20 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 0
High: 5
Medium: 10
Low: 1
Severity Not Assigned: 4
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-30999
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/254651
https://www.ibm.com/support/pages/node/7106586
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-31004
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/254765
https://www.ibm.com/support/pages/node/7106586
CWE-ID: CWE-300
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-32327
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/254783
https://www.ibm.com/support/pages/node/7106586
CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-43016
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/266154
https://www.ibm.com/support/pages/node/7106586
CWE-ID: CWE-258
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-1064
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header.
References: https://gitlab.com/crafty-controller/crafty-4/-/issues/327
CWE-ID: CWE-644
Common Platform Enumerations (CPE): Not Found