Remote Credential Exposure in IBM Storage Virtualize vSphere Plug-in
CVE-2023-43029

10CRITICAL

Key Information:

Vendor: IBM
Status: Storage Virtualize Vsphere Remote Plug-in
Vendor: CVE Published:; 21 March 2025

Summary

The IBM Storage Virtualize vSphere Remote Plug-in versions 1.0 and 1.1 are susceptible to a remote vulnerability that enables an attacker to access sensitive credential information after deployment. This could lead to unauthorized access and compromise the security of the affected systems. Users and administrators must implement necessary measures to mitigate this risk as outlined in the vendor advisory.

Affected Version(s)

Storage Virtualize vSphere Remote Plug-in 1.0, 1.1

References

https://www.ibm.com/support/pages/node/7228722

vendor-advisory

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 21, 2025
Vulnerability Reserved
Sep 15, 2023