{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-47727","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2023-11-09T11:31:22.401Z","datePublished":"2024-05-02T14:43:57.748Z","dateUpdated":"2024-08-02T21:16:43.556Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Cloud Pak for Security","vendor":"IBM","versions":[{"lessThanOrEqual":"1.10.11.0","status":"affected","version":"1.10.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"QRadar Suite Software","vendor":"IBM","versions":[{"lessThanOrEqual":"1.10.20.0","status":"affected","version":"1.10.12.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Vincent Dragnea"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation.  IBM X-Force ID:  272089."}],"value":"IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation.  IBM X-Force ID:  272089."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1287","description":"CWE-1287 Improper Validation of Specified Type of Input","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2024-05-02T14:43:57.748Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.ibm.com/support/pages/node/7149968"},{"tags":["vdb-entry"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"}],"source":{"discovery":"UNKNOWN"},"title":"IBM QRadar Suite Software file manipulation","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-47727","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-02T17:29:07.533265Z"}}}],"affected":[{"cpes":["cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*"],"vendor":"ibm","product":"cloud_pak_for_security","versions":[{"status":"affected","version":"1.10.0.0","versionType":"custom","lessThanOrEqual":"1.10.11.0"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*"],"vendor":"ibm","product":"qradar_suite","versions":[{"status":"affected","version":"1.10.12.0","versionType":"custom","lessThanOrEqual":"1.10.20.0 "}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:26:38.542Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T21:16:43.556Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.ibm.com/support/pages/node/7149968"},{"tags":["vdb-entry","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"}]}]}}