CVE-2023-28522
First published: Wed Mar 22 2023(Updated: )
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM API Connect | >=10.0.0.0<10.0.1.11 | |
| IBM API Connect | >=10.0.2.0<10.0.5.2 | |
| IBM API Connect | <=V10.x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28522?
CVE-2023-28522 is a vulnerability in IBM API Connect V10 that allows an authenticated user to perform unauthorized actions.
How severe is CVE-2023-28522?
CVE-2023-28522 has a severity rating of 8.8 out of 10, which is categorized as high.
What is the affected software?
The affected software is IBM API Connect V10 with versions between 10.0.0.0 and 10.0.1.11, and between 10.0.2.0 and 10.0.5.2.
How can an authenticated user exploit CVE-2023-28522?
An authenticated user can exploit CVE-2023-28522 by performing actions that they should not have access to.
Is there a fix available for CVE-2023-28522?
Yes, IBM has provided a fix for CVE-2023-28522. Please refer to the IBM support page for more information.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm api connect
- version/ibm api connect/10.0.0.0
- version/ibm api connect/10.0.2.0
- version/ibm api connect/v10.x