Sensitive Data Exposure in Fujitsu Software Infrastructure Manager
CVE-2023-39379

7.5HIGH

Key Information:

Vendor: Fujitsu Limited
Status: Fujitsu Software Infrastructure Manager Advanced Edition; Fujitsu Software Infrastructure Manager Advanced Edition For Primeflex; Fujitsu Software Infrastructure Manager Essential Edition
Vendor: CVE Published:; 4 August 2023

🔔 Create Fujitsu Limited Vulnerability Alert

What is CVE-2023-39379?

Fujitsu Software Infrastructure Manager (ISM) has a vulnerability where sensitive information, including the proxy server password, is stored in plain text within the maintenance data (ismsnap). This oversight allows unauthorized access to crucial credentials, potentially compromising the security of the affected systems. The vulnerability impacts specific versions of the software, which include the Advanced Edition and Essential Edition, specifically V2.8.0.060.

Affected Version(s)

Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060

Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060

Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060

References

https://support.ts.fujitsu.com/IndexProdSecurity.asp?lng=en

https://jvn.jp/en/jp/JVN38847224/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2023
Vulnerability Reserved
Jul 31, 2023

JSON