{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-38367","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2023-07-16T00:53:13.214Z","datePublished":"2024-02-29T02:13:16.103Z","dateUpdated":"2025-03-27T14:58:22.035Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Cloud Pak for Automation","vendor":"IBM","versions":[{"status":"affected","version":"18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration.  IBM X-Force ID:  261130."}],"value":"IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration.  IBM X-Force ID:  261130."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"CVE-287 Improper Authentication","lang":"en"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2024-02-29T02:13:16.103Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.ibm.com/support/pages/node/7015271"},{"tags":["vdb-entry"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/261130"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Cloud Pak for Automation authentication bypass","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-287","lang":"en","description":"CWE-287 Improper Authentication"}]}],"affected":[{"vendor":"ibm","product":"cloud_pak_for_automation","cpes":["cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.2:-:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:22.0.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_automation:22.0.2:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"18.0.0","status":"affected"},{"version":"18.0.1","status":"affected"},{"version":"18.0.2","status":"affected"},{"version":"19.0.1","status":"affected"},{"version":"19.0.2","status":"affected"},{"version":"19.0.3","status":"affected"},{"version":"20.0.1","status":"affected"},{"version":"20.0.2","status":"affected"},{"version":"20.0.3","status":"affected"},{"version":"21.0.1","status":"affected"},{"version":"21.0.2","status":"affected"},{"version":"21.0.3","status":"affected"},{"version":"22.0.1","status":"affected"},{"version":"22.0.2","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-03-01T16:19:47.030118Z","id":"CVE-2023-38367","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-27T14:58:22.035Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T17:39:12.997Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.ibm.com/support/pages/node/7015271"},{"tags":["vdb-entry","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/261130"}]}]}}