A vulnerability was found in IBM PowerSC 1.3/2.0/2.1. It has been declared as problematic. This vulnerability affects some unknown functionality. The manipulation with an unknown input leads to a trusting http permission methods on the server side vulnerability. The CWE definition for the vulnerability is CWE-650. The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state. As an impact it is known to affect integrity. CVE summarizes:

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.

The weakness was released 02/02/2024. The advisory is available at ibm.com. This vulnerability was named CVE-2023-50327 since 12/07/2023. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 02/02/2024). It is expected to see the exploit prices for this product increasing in the near future.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (275109). Entries connected to this vulnerability are available at VDB-252618, VDB-252619, VDB-252621 and VDB-252624.

Productinfo

Vendor

• IBM

Name

• PowerSC

Version

• 1.3
• 2.0
• 2.1

License

• commercial

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion