PT-2023-5240 · Fujitsu · Fujitsu Software Infrastructure Manager Essential Edition+2

Published 2023-08-04 · Updated 2023-08-09 · CVE-2023-39379

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fujitsu Software Infrastructure Manager Advanced Edition version 2.8.0.060
Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX version 2.8.0.060
Fujitsu Software Infrastructure Manager Essential Edition version 2.8.0.060

Description

The issue is the storage of sensitive information in cleartext in the product's maintenance data (ismsnap). This allows retrieval of the password for the proxy server configured in the system. An attacker could exploit this to obtain the proxy server's credentials, potentially leading to privilege escalation.

Recommendations

For Fujitsu Software Infrastructure Manager Advanced Edition version 2.8.0.060, consider disabling access to the maintenance data (ismsnap) until a patch is available.
For Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX version 2.8.0.060, restrict access to the proxy server credentials to minimize the risk of exploitation.
For Fujitsu Software Infrastructure Manager Essential Edition version 2.8.0.060, avoid using the cleartext storage for sensitive information until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2023-05855
CVE-2023-39379

Affected Products

Fujitsu Software Infrastructure Manager Advanced Edition
Fujitsu Software Infrastructure Manager Advanced Edition For Primeflex
Fujitsu Software Infrastructure Manager Essential Edition