IBM Spectrum Virtualize Information Disclosure Vulnerability (CNVD-2023-40603)

IBM Spectrum Virtualize is a block storage virtualization system from International Business Machines (IBM), Inc. that increases the data value, security and simplicity of new and existing storage infrastructures. An information disclosure vulnerability exists in IBM Spectrum Virtualize version 8.5 that stems from the possibility of disclosing sensitive credential information during a download from Fix Central under certain circumstances. An attacker could exploit the vulnerability to obtain sensitive information.