CVE-2023-33839: IBM Security Verify Governance command execution

Q: What is the severity of CVE-2023-33839?

The severity of CVE-2023-33839 is high with a severity value of 7.2.

Q: How can a remote attacker exploit CVE-2023-33839?

A remote authenticated attacker can exploit CVE-2023-33839 by sending a specially crafted request to execute arbitrary commands on the system.

Q: Which software is affected by CVE-2023-33839?

IBM Security Verify Governance version 10.0 is affected by CVE-2023-33839.

Q: Is there a fix available for CVE-2023-33839?

For information on the fix, please refer to IBM's support page at https://www.ibm.com/support/pages/node/7057377.

Q: Where can I find more information about CVE-2023-33839?

More information about CVE-2023-33839 can be found on the IBM X-Force Exchange page at https://exchange.xforce.ibmcloud.com/vulnerabilities/256036.

Published Oct 22, 2023

Updated

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.

Other sources

IBM Security Verify Governance could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

— IBM

Affected Software

3 affected components

IBM Security Verify Governance<=10.0

IBM Security Verify Governance=10.0

IBM Security Verify Governance=10.0.1

Remediation

Patch Available

https://www.ibm.com/support/pages/node/7057377

Event History

Oct 22, 2023

CVE Published

via IBM·12:00 AM

Oct 23, 2023

CVE Published

via MITRE·07:45 PM

Data Sourced

via MITRE·07:45 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-7057377

Frequently Asked Questions

What is the severity of CVE-2023-33839?

The severity of CVE-2023-33839 is high with a severity value of 7.2.

How can a remote attacker exploit CVE-2023-33839?