A vulnerability in libcurl may allow a remote attacker to bypass security restrictions in IBM Storage Scale System. A fix for this vulnerability is available.
CVEID:CVE-2023-28322
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST… By sending a specially crafted request, an attacker could exploit this vulnerability to cause application to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255626 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Storage Scale System | 6.1.0.0 - 6.1.2.8 |
IBM Storage Scale System | 6.1.3.0 - 6.1.9.1 |
IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Storage Scale System 3000, 3200, 3500 and 5000 to the following code levels or higher:
V6.1.2.9 or later
V6.1.9.2 or later
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm storage scale system | eq | 6.1. |