Unauthorized Access to RGW for Ceph in Spectrum Fusion HCI 2.5.2-2.7.2

CVE-2023-43040

6.5 MEDIUM

Key Information

Vendor
IBM
Status
Spectrum Fusion HCI
Vendor
CVE Published:
14 May 2024

Badges

👾 Exploit Exists

Summary

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

Affected Version(s)

Spectrum Fusion HCI <= 2.7.2

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🔴 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database
Mitre Database
0 Proof of Concept(s)

Credit

Josh Baergen, Lucas Henry, and Michael Steger - Digital Ocean.