CVE-2023-47727 - Vulnerability Details - OpenCVE

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Cloud Pak For Security Qradar Suite

Configuration 1 [-]

OR	cpe:2.3:a:ibm:cloud_pak_for_security::::::::
	cpe:2.3:a:ibm:qradar_suite::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-51825	IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/272089
https://www.ibm.com/support/pages/node/7149968

History

Wed, 13 Aug 2025 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm Ibm cloud Pak For Security Ibm qradar Suite
CPEs		cpe:2.3:a:ibm:cloud_pak_for_security:::::::: cpe:2.3:a:ibm:qradar_suite::::::::
Vendors & Products		Ibm Ibm cloud Pak For Security Ibm qradar Suite

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-05-02T14:43:57.748Z

Updated: 2024-08-02T21:16:43.556Z

Reserved: 2023-11-09T11:31:22.401Z

Link: CVE-2023-47727

Vulnrichment

Updated: 2024-08-02T21:16:43.556Z

NVD

Status : Analyzed

Published: 2024-05-02T15:15:06.680

Modified: 2025-08-13T13:05:51.143

Link: CVE-2023-47727

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47727", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-11-09T11:31:22.401Z", "datePublished": "2024-05-02T14:43:57.748Z", "dateUpdated": "2024-08-02T21:16:43.556Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cloud Pak for Security", "vendor": "IBM", "versions": [{"lessThanOrEqual": "1.10.11.0", "status": "affected", "version": "1.10.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "QRadar Suite Software", "vendor": "IBM", "versions": [{"lessThanOrEqual": "1.10.20.0", "status": "affected", "version": "1.10.12.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Vincent Dragnea"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089."}], "value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-02T14:43:57.748Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7149968"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM QRadar Suite Software file manipulation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47727", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T17:29:07.533265Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "cloud_pak_for_security", "versions": [{"status": "affected", "version": "1.10.0.0", "versionType": "custom", "lessThanOrEqual": "1.10.11.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "qradar_suite", "versions": [{"status": "affected", "version": "1.10.12.0", "versionType": "custom", "lessThanOrEqual": "1.10.20.0 "}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:38.542Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:16:43.556Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7149968"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7149968", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:16:43.556Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47727", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T17:29:07.533265Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "cloud_pak_for_security", "versions": [{"status": "affected", "version": "1.10.0.0", "versionType": "custom", "lessThanOrEqual": "1.10.11.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "qradar_suite", "versions": [{"status": "affected", "version": "1.10.12.0", "versionType": "custom", "lessThanOrEqual": "1.10.20.0 "}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T17:39:23.008Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "IBM QRadar Suite Software file manipulation", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Vincent Dragnea"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "Cloud Pak for Security", "versions": [{"status": "affected", "version": "1.10.0.0", "versionType": "semver", "lessThanOrEqual": "1.10.11.0"}], "defaultStatus": "unaffected"}, {"vendor": "IBM", "product": "QRadar Suite Software", "versions": [{"status": "affected", "version": "1.10.12.0", "versionType": "semver", "lessThanOrEqual": "1.10.20.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7149968", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.", "supportingMedia": [{"type": "text/html", "value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-02T14:43:57.748Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47727", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:16:43.556Z", "dateReserved": "2023-11-09T11:31:22.401Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-05-02T14:43:57.748Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FA89838-3E05-4778-9323-DE51CC10FD18", "versionEndIncluding": "1.10.11.0", "versionStartIncluding": "1.10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "90E54DF7-D8B7-4296-9C9D-D4605117F37D", "versionEndIncluding": "1.10.20.0", "versionStartIncluding": "1.10.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089."}, {"lang": "es", "value": "IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 e IBM QRadar Suite Software 1.10.12.0 a 1.10.20.0 podr\u00edan permitir a un usuario autenticado modificar los par\u00e1metros del panel debido a una validaci\u00f3n de entrada incorrecta. ID de IBM X-Force: 272089."}], "id": "CVE-2023-47727", "lastModified": "2025-08-13T13:05:51.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2024-05-02T15:15:06.680", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7149968"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7149968"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}