Multiple vulnerabilities in IBM PowerSC

Published: 2023-06-16


Risk
High
Patch available
YES
Number of vulnerabilities
11
CVE-ID
CVE-2023-27534, CVE-2022-43552, CVE-2023-23914, CVE-2023-23916, CVE-2023-27533, CVE-2023-23915, CVE-2023-27536, CVE-2022-43551, CVE-2023-27537, CVE-2023-27535, CVE-2023-27538
CWE-ID
CWE-20, CWE-416, CWE-319, CWE-770, CWE-371, CWE-254, CWE-415, CWE-200
Exploitation vector
Network
Public exploit
N/A
Vulnerable software
PowerSC
Operating systems & Components / Operating system
Vendor
IBM Corporation

Security Bulletin


This security bulletin contains information about 11 vulnerabilities.


EUVDB-ID: #VU73827


Risk: Low


CVSSv3.1:


CVE-ID: CVE-2023-27534


CWE-ID: CWE-20 - Improper input validation


Exploit availability: No


Description

The vulnerability allows a remote attacker to gain access to sensitive information.


The vulnerability exists due to insufficient validation of user-supplied input in the SFTP support when handling the tilde "~" character in the file path. cURL replaces the tilde character with the current user's home directory, which can reveal otherwise restricted files.


Mitigation

Install update from vendor's website.


Vulnerable software versions

PowerSC: All versions


CPE2.3
External links

http://www.ibm.com/support/pages/node/7004263



EUVDB-ID: #VU70456

