Unauthorized Access to RGW for Ceph in Spectrum Fusion HCI 2.5.2-2.7.2

CVE-2023-43040

6.5MEDIUM

Key Information

Vendor: IBM
Status: Spectrum Fusion Hci
Vendor: CVE Published:; 14 May 2024

Badges

👾 Exploit Exists

Summary

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

Affected Version(s)

Spectrum Fusion HCI <= 2.7.2

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Jul 30, 2024
Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Sep 15, 2023

Collectors

NVD DatabaseMitre Database0 Proof of Concept(s)

Credit

Josh Baergen, Lucas Henry, and Michael Steger - Digital Ocean