Hard-Coded Credentials Vulnerability in IBM Storage Fusion HCI
CVE-2023-50948

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Storage Fusion Hci
Vendor: CVE Published:; 8 January 2024

What is CVE-2023-50948?

IBM Storage Fusion HCI versions 2.1.0 through 2.6.1 contain hard-coded credentials that are utilized for various operations, including inbound authentication and outbound communications with external components. This flaw can lead to unauthorized access and potential exploitation due to the insecure management of passwords and cryptographic keys. Users of these affected versions should review their implementations while monitoring for security updates from IBM to mitigate any associated risks.

Affected Version(s)

Storage Fusion HCI 2.1.0 <= 2.6.1

References

https://www.ibm.com/support/pages/node/7105509

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/275671

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2024