IBM Storage Virtualize information disclosure
CVE-2023-43042

7.5HIGH

Key Information:

Vendor: IBM
Status: Storage Virtualize
Vendor: CVE Published:; 14 December 2023

What is CVE-2023-43042?

IBM Storage Products, including the SAN Volume Controller, Storwize, FlashSystem, and Storage Virtualize 8.3, are susceptible to a security flaw due to the use of default passwords for a privileged user account. This vulnerability can potentially allow unauthorized access to sensitive data and administrative functions, presenting significant security risks for organizations relying on these systems.

Affected Version(s)

Storage Virtualize 8.3

References

https://https://www.ibm.com/support/pages/node/7064976

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/266874

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Sep 15, 2023