CVE-2023-39903

Name of the Vulnerable Software and Affected Versions Fujitsu Software Infrastructure Manager (ISM) versions prior to 2.8.0.061

Description An issue in the ismsnap component of Fujitsu Software Infrastructure Manager (ISM) allows insecure collection and storage of authorization credentials in cleartext. This occurs when users perform ISM Firmware Repository Address setup tests or regularly authorize against a configured remote firmware repository site. A privileged attacker can potentially gather associated ismsnap maintenance data. The preconditions for vulnerability include the Download Firmware function being enabled and configured, and the use of the backslash character in a user credential of the remote proxy host or firmware repository server.

Recommendations For versions prior to 2.8.0.061, update to version 2.8.0.061 or later to resolve the issue. As a temporary workaround, consider restricting access to the ismsnap component and avoiding the use of the backslash character in user credentials for the remote proxy host or firmware repository server.