Lucene search

IbmVULNRICHMENT:CVE-2023-46170

HistoryMar 07, 2024 - 8:31 p.m.

CVE-2023-46170 IBM DS8900F information disclosure

2024-03-0720:31:38

CWE-200

ibm

github.com

ibm

ds8900f

information disclosure

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names. IBM X-Force ID: 269407.

CNA Affected

[
  {
    "vendor": "IBM",
    "product": "DS8900F",
    "versions": [
      {
        "status": "affected",
        "version": "89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, 89.33.48.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/269407

www.ibm.com/support/pages/node/7130084

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-46170