PT-2023-21381 · Ibm · Ibm Spectrum Protect Server

Publicado

2023-05-12

Atualizado

2023-05-19

CVE-2023-27863

CVSS v3.1

4.9

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Plus Server version 10.1.13

Description The issue allows an elevated user to obtain SMB credentials under specific configurations, which may be used to access vSnap data stores.

Recommendations For IBM Spectrum Protect Plus Server version 10.1.13, consider restricting access to sensitive data stores and limiting user privileges to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and secure SMB credential storage and access controls.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2023-27863

Produtos afetados

Ibm Spectrum Protect Server

PT-2023-21381 · Ibm · Ibm Spectrum Protect Server

CVE-2023-27863

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6