Unauthorized Access to RGW for Ceph in Spectrum Fusion HCI 2.5.2-2.7.2
CVE-2023-43040

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Fusion Hci
Vendor: CVE Published:; 14 May 2024

Badges

👾 Exploit Exists🟣 EPSS 10%

What is CVE-2023-43040?

IBM Spectrum Fusion HCI versions 2.5.2 through 2.7.2 are susceptible to a vulnerability that could enable an attacker to perform unauthorized actions within the RGW for Ceph. This issue arises from improper access controls related to bucket management. Organizations utilizing these versions are advised to review their configurations and implement security measures to mitigate the risk of exploitation. Reference IBM's advisory for further details.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Spectrum Fusion HCI 2.5.2 <= 2.7.2

References

https://www.ibm.com/support/pages/node/7151040

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/266807

vdb-entry

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jul 30, 2024
👾
Exploit known to exist
Jul 30, 2024
Vulnerability published
May 14, 2024
Vulnerability Reserved
Sep 15, 2023

Credit

Josh Baergen, Lucas Henry, and Michael Steger - Digital Ocean

JSON

IBM

Badges

What is CVE-2023-43040?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.