IBM Storage Virtualize improper certificate validation
CVE-2023-47700

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Storage Virtualize
Vendor: CVE Published:; 7 February 2024

Summary

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.

Affected Version(s)

Storage Virtualize 8.6

References

https://www.ibm.com/support/pages/node/7114767

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/271016

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2024
Vulnerability Reserved
Nov 9, 2023