Unauthorized Access to RGW for Ceph in Spectrum Fusion HCI 2.5.2-2.7.2

CVE-2023-43040

6.5MEDIUM

Key Information

Vendor: IBM
Status: Spectrum Fusion Hci
Vendor: Published:; 14 May 2024

Summary

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

Affected Version(s)

Spectrum Fusion HCI <= 2.7.2

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

NONE

Integrity:

HIGH

Availability:

LOW

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Sep 15, 2023

Collectors

NVD DatabaseMitre Database

Credit

Josh Baergen, Lucas Henry, and Michael Steger - Digital Ocean