Lucene search

IbmVULNRICHMENT:CVE-2023-38002

HistoryApr 30, 2024 - 2:40 p.m.

CVE-2023-38002 IBM Storage Scale session fixation

2024-04-3014:40:43

CWE-384

ibm

github.com

ibm

storage scale

authenticated

session manipulation

x-force id 260208

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Storage Scale",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "5.1.9.2",
        "status": "affected",
        "version": "5.1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:storage_scale:-:*:*:*:*:*:*:*"
    ],
    "vendor": "ibm",
    "product": "storage_scale",
    "versions": [
      {
        "status": "affected",
        "version": "5.1.0.0",
        "versionType": "custom",
        "lessThanOrEqual": "5.1.9.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/260208

www.ibm.com/support/pages/node/7149699