Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM28523A381C6C377C3A9FFF9029ED96205F79ABF30FD592139FA5D253C069AF02
HistoryMay 11, 2024 - 4:52 p.m.

Security Bulletin: IBM Storage Fusion HCI is vulnerable to unauthorized access due to a flaw in Ceph RGW.

2024-05-1116:52:48
www.ibm.com
6
ibm storage fusion hci
ceph rgw
unauthorized access
improper bucket access
upgrade to v2.8.0

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

Summary

Ceph is used by IBM Storage Fusion HCI if IBM Storage Fusion HCI is configured with the Data Foundation service. CVE-2023-43040.

Vulnerability Details

CVEID:CVE-2023-43040
**DESCRIPTION:**IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266807 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L)

Affected Products and Versions

Affected Product(s)|**Version(s)
**
—|—
IBM Storage Fusion HCI| 2.5.2 - 2.7.2

Remediation/Fixes

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions
IBM Storage Fusion HCI 2.5.2 - 2.7.2 Upgrade IBM Storage Fusion HCI to v2.8.0, then upgrade Data Foundation

For upgrade instructions, see

Workarounds and Mitigations

NA

Related

veracode 1
ubuntucve 1
cve 1
openvas 2
amazon 1
nessus 4
redhatcve 1
cvelist 1
debiancve 1
redhat 3
veracode
veracode
Improper Access Control
2023-10-10 03:23:18
ubuntucve
ubuntucve
CVE-2023-43040
2023-09-27 00:00:00
cve
cve
CVE-2023-43040
2024-05-14 13:46:23
openvas
openvas
Ubuntu: Security Advisory (USN-6613-1)
2024-01-30 00:00:00
Debian: Security Advisory (DLA-3629-1)
2023-10-24 00:00:00
amazon
amazon
Medium: ceph-common
2023-10-12 15:09:00
nessus
nessus
Amazon Linux 2 : ceph-common (ALAS-2023-2297)
2023-10-20 00:00:00
RHEL 8 / 9 : Red Hat Ceph Storage 5.3 Security update (Moderate) (RHSA-2024:0745)
2024-02-09 00:00:00
RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:5693)
2023-10-12 00:00:00
redhatcve
redhatcve
CVE-2023-43040
2023-09-27 06:24:45
cvelist
cvelist
CVE-2023-43040 IBM Spectrum Fusion HCI improper access control
2024-05-13 02:18:30
debiancve
debiancve
CVE-2023-43040
2024-05-14 13:46:23
redhat
redhat
(RHSA-2024:0745) Moderate: Red Hat Ceph Storage 5.3 Security update
2024-02-08 16:19:54
(RHSA-2023:5693) Moderate: Red Hat Ceph Storage 6.1 security, enhancement, and bug fix update
2023-10-12 16:11:56
(RHSA-2023:6832) Important: Red Hat OpenShift Data Foundation 4.14.0 security, enhancement & bug fix update
2023-11-08 18:47:43

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON
Related for 28523A381C6C377C3A9FFF9029ED96205F79ABF30FD592139FA5D253C069AF02
veracode1ubuntucve1cve1openvas2amazon1nessus4redhatcve1cvelist1debiancve1redhat3