In March 2023, IBM disclosed a new security vulnerability in its flagship data platform, IBM Watson CloudPak for Data. Tracked as CVE-2023-27545, this flaw allows sensitive web page data to be stored locally on a system, making it accessible to other users. This information disclosure issue, while not a remote code execution or privilege escalation flaw, still poses significant risks to organizations handling private or regulated datasets.

This article simplifies the technical details of CVE-2023-27545, how it works, and what you can do to protect your data. You’ll also find code snippets, an example exploit, and the best official references.

What is IBM Watson CloudPak for Data?

IBM Watson CloudPak for Data is an integrated data and AI platform. Companies use it to connect, govern, and analyze their data with advanced analytics and machine learning. The platform makes extensive use of web-based dashboards and data stores, all running in a cloud or hybrid environment.

Type: Information Disclosure

The problem? When a user interacts with certain CloudPak web pages or apps, critical information is stored in the user's browser cache or on the local file system. Other users sharing the same machine can later access that cached data, exposing usernames, data schemas, or even sensitive query results.

- Browser cache
- Session/localStorage APIs
- Temporary files (HTML, JS, JSON, etc.)

In this CVE, certain Data Stores web pages in IBM CloudPak for Data do not properly control how data gets written to these local artifacts.

Example Exploit Scenario

1. User1 logs in, performs queries, and logs out. The browser stores useful data (such as session tokens, query results, or other web resources).
2. User2 logs in to the same local computer and, via their own browser profile or by accessing temporary directories, extracts User1's cached data.

Example Code: Finding Leftover Page Data

While the vulnerability isn't about code injection or direct hacking, here's a simple way to locate stored web files on a shared Linux system where users run browsers such as Chromium or Firefox:

```bash
# Example: Searching for Data Stores cache files
# Run as a non-root user with access to /tmp or browser profile directories

find /home/*/.cache -type f -name '*.json' -exec grep -li 'cloudpak' {} \;
```

Adjust the user folder path as needed.

For Windows, try searching under C:\Users\<Name>\AppData\Local for cached web files.

- Usernames
- Database/table schemas

1. analyst1 opens CloudPak for Data and inspects a sensitive report.
2. The page stores local files in /home/analyst1/.cache/chromium/Default/Cache/.
3. analyst1 forgets to log out or clear data.
4. analyst2 logs into the machine, switches to analyst1's account (if permitted), or uses a file-browsing privilege, and copies or greps for JSON or HTML files containing reusable data.

Note: This is not a remote exploit. A malicious user must have access to the victim’s local machine or storage.

Security Fix Status

IBM released patched versions after 4.6.. Upgrade immediately if you are on 4.6.! IBM also recommends:

- Never share OS-level accounts across multiple users.
- Use private/incognito browsing for sensitive tasks.

Official IBM Security Bulletin:

IBM Watson Cloud Pak for Data: Data leakage vulnerability (CVE-2023-27545)

IBM X-Force Vulnerability Report:

X-Force ID: 248947

NVD CVE Record:

CVE-2023-27545 Details

Monitor and restrict access to user profile folders.
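One way to act on the advice to monitor and restrict access to user profile folders, as an added example that is not from IBM or the original article: the functions below list Chromium and Firefox cache and profile directories whose mode grants any group or other permission, and can strip that access. The directory list, the single `/home` root, and the use of `stat -c` (GNU/BusyBox form) are assumptions.

```shell
#!/bin/sh
# Added example (not IBM tooling): audit per-user browser cache/profile
# directories for permissions that let other local accounts read them.
# Assumption: these are the usual Chromium/Firefox locations on Linux.
BROWSER_DIRS=".cache/chromium .cache/mozilla .cache/google-chrome
.config/chromium .config/google-chrome .mozilla"

# Print "MODE PATH" for each browser directory under ROOT/<user>/ that
# grants any permission bit to group or other.
audit_browser_dirs() {
    root="${1:-/home}"
    for home in "$root"/*/; do
        for rel in $BROWSER_DIRS; do
            dir="$home$rel"
            [ -d "$dir" ] || continue
            mode=$(stat -c '%a' "$dir") || continue
            # Leading 0 makes the value octal; mask 077 = group + other bits.
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                printf '%s %s\n' "$mode" "$dir"
            fi
        done
    done
    return 0
}

# Remove group/other access (recursively) from every directory the audit
# flags, so only the owning account can read cached page data.
restrict_browser_dirs() {
    audit_browser_dirs "$1" | while read -r _mode dir; do
        chmod -R go-rwx "$dir"
    done
}

# Usage: audit_browser_dirs /home      (report only)
#        restrict_browser_dirs /home   (report, then tighten)
```

Run the audit from a scheduled job and alert on any output; a home directory already set to 0700 blocks traversal on its own, but checking the browser directories directly keeps the finding valid if the home mode is later loosened.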

Remember: Information disclosure bugs like CVE-2023-27545 are subtle but can be just as serious as more famous vulnerabilities. Take action to keep your data safe!


Stay up-to-date on IBM security at IBM Security Bulletins.


Timeline

Published on: 02/29/2024 02:15:08 UTC
Last modified on: 02/29/2024 13:49:29 UTC