SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
CPE | Name | Operator | Version |
---|---|---|---|
system_management_unit_firmware | lt | 14.8.7825.01 |