CVE-2023-49877

Name of the Vulnerable Software and Affected Versions IBM System Storage Virtualization Engine TS7700 versions 3957-VEC, 3948-VED

Description The issue allows a remote authenticated user to obtain sensitive information due to improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this to view application source code, system configuration information, or other sensitive data related to the Management Interface.

Recommendations For versions 3957-VEC and 3948-VED, consider restricting access to the Management Interface until a patch is available. As a temporary workaround, avoid using the vulnerable URL filtering mechanism in the Management Interface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.