CVE-2023-6538

Name of the Vulnerable Software and Affected Versions SMU versions prior to 14.8.7825.01

Description The issue allows unintended information disclosure through URL manipulation. Authenticated users in Storage, Server, or combined Server+Storage administrative roles can access SMU configuration backup, which would normally be barred to those specific administrative roles.

Recommendations For SMU versions prior to 14.8.7825.01, update to version 14.8.7825.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMU configuration backup for users in Storage, Server, or combined Server+Storage administrative roles until a patch is available.