Severity
Medium
Analysis Summary
CVE-2023-46169 CVSS:6.5
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily delete a file.
CVE-2023-46170 CVSS:6.5
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names.
CVE-2023-46171 CVSS:4.3
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to view sensitive log information after enumerating filenames.
CVE-2023-46172 CVSS:5.6
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow a remote attacker to bypass authentication restrictions for authorized user.
Impact
- Security Bypass
- Data Manipulation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-46169
- CVE-2023-46170
- CVE-2023-46171
- CVE-2023-46172
Affected Vendors
IBM
Affected Products
- IBM DS8900F 89.21.31.0
- IBM DS8900F 89.21.19.0
- IBM DS8900F 89.30.68.0
- IBM DS8900F 89.32.40.0
- IBM DS8900F 89.33.48.0
Remediation
Refer to the appropriate IBM Security Advisory for patch, upgrade or suggested workaround information.