CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
IBM Storage Defender – Data Protect is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilitiy has been addressed. CVE-2023-4623
CVEID:CVE-2023-4623
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: sch_hfsc (HFSC qdisc traffic control) component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265426 for the current score.
CVSS Vector:
Affected Product(s) | Version(s) |
---|---|
IBM Storage Defender - Data Protect | 1.0.0 - 2.0.5 |
IBM strongly recommends updating IBM Storage Defender – Data Protect to version 2.0.5.1 or later. Reference this document which describes how to download installation images for IBM Storage Defender. Link to Fix Central here.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | storage_defender | 2.0.4 | cpe:2.3:a:ibm:storage_defender:2.0.4:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High