Arbitrary File Deletion Vulnerability in IBM DS8900F HMC
CVE-2023-46169

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Ds8900f
Vendor: CVE Published:; 7 March 2024

Summary

A vulnerability in the IBM DS8900F Management Console allows authenticated users to perform arbitrary file deletions. This poses significant risks to the stability and security of the data managed by the console, potentially leading to data loss and operational disruptions. Affected versions include specific releases of the management console, making it critical for users to assess their installations and apply necessary updates. For detailed insights and guidance, refer to the vendor's advisory and vulnerability database entries.

Affected Version(s)

DS8900F 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, 89.33.48.0

References

https://www.ibm.com/support/pages/node/7130084

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/269406

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 7, 2024
Vulnerability Reserved
Oct 17, 2023