Unauthorized Access to RGW for Ceph in Spectrum Fusion HCI 2.5.2-2.7.2
CVE-2023-43040
6.5MEDIUM
Key Information
- Vendor
- IBM
- Status
- Spectrum Fusion Hci
- Vendor
- CVE Published:
- 14 May 2024
Badges
👾 Exploit Exists
Summary
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.
Affected Version(s)
Spectrum Fusion HCI <= 2.7.2
Refferences
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 🔴
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database0 Proof of Concept(s)
Credit
Josh Baergen, Lucas Henry, and Michael Steger - Digital Ocean