Active Session Theft Vulnerability Affects IBM Storage Scale
CVE-2023-38002

8.8HIGH

Key Information:

Vendor: IBM
Status: Storage Scale
Vendor: CVE Published:; 30 April 2024

What is CVE-2023-38002?

A vulnerability exists within IBM Storage Scale versions 5.1.0.0 through 5.1.9.2 that permits an authenticated user to improperly access or manipulate an active session. This allows for potential unauthorized access to system resources, posing significant security risks. Organizations using affected versions should evaluate their security posture and consider applying relevant patches or mitigation strategies to safeguard against unauthorized session exploitation.

Affected Version(s)

Storage Scale 5.1.0.0 <= 5.1.9.2

References

https://www.ibm.com/support/pages/node/7149699

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/260208

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2024
Vulnerability Reserved
Jul 11, 2023