Severity
Medium
Analysis Summary
CVE-2023-45184 CVSS:6.2
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks.
CVE-2023-49878 CVSS:4.3
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-43843 CVSS:5.9
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2023-49877 CVSS:4.3
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-45184
- CVE-2023-49878
- CVE-2023-43843
- CVE-2023-49877
Affected Vendors
IBM
Affected Products
- IBM i Access Client Solutions 1.1.2
- IBM i Access Client Solutions 1.1.4
- IBM i Access Client Solutions 1.1.4.3
- IBM i Access Client Solutions 1.1.9.3
- IBM Virtualization Engine TS7700 3957-VEC 8.52.103.23
- IBM Virtualization Engine TS7700 3957-VED 8.52.103.23
- IBM Virtualization Engine TS7700 3957-VED 8.53.1.21
- IBM Virtualization Engine TS7700 3948-VED 8.53.1.21
- IBM Spectrum Scale 5.1.5.1
- IBM Spectrum Scale 5.1.5.0
Remediation
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.