Unauthorized Access to RGW for Ceph in Spectrum Fusion HCI 2.5.2-2.7.2
CVE-2023-43040
6.5MEDIUM
Summary
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.
Affected Version(s)
Spectrum Fusion HCI <= 2.7.2
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
NONE
Integrity:
HIGH
Availability:
LOW
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Josh Baergen, Lucas Henry, and Michael Steger - Digital Ocean