Lucene search

K
vulnrichmentIbmVULNRICHMENT:CVE-2023-43040
HistoryMay 13, 2024 - 2:18 a.m.

CVE-2023-43040 IBM Spectrum Fusion HCI improper access control

2024-05-1302:18:30
CWE-1220
ibm
github.com
1
ibm
spectrum fusion hci
unauthorized access control
rgw
ceph

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

9.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Spectrum Fusion HCI",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "2.7.2",
        "status": "affected",
        "version": "2.5.2",
        "versionType": "semver"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

9.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial