Cloud Pak For Data
CVE-2023-27540
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.
AnalysisAI
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924. Affected products include: Ibm Cloud Pak For Data, Ibm Watson Cp4D Data Stores.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set resource limits, implement rate limiting, validate input sizes.
More in Cloud Pak For Data
View allIBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. Rated high severity (CVSS 7.5)
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attack
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attack
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additio
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS
IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. Rate
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today