PT-2023-6701 · IBM · IBM Spectrum Virtualize

Published: 2023-03-06 · Updated: 2023-05-22 · CVE-2023-27870

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IBM Spectrum Virtualize version 8.5

Description

The issue is related to insufficient protection of service data during the download process from Fix Central, which could lead to the disclosure of sensitive credential information under certain circumstances. This can be exploited by a remote attacker to gain unauthorized access to protected information when using the satask downloadsoftware command or the "Obtain the package directly" option.

Recommendations

For IBM Spectrum Virtualize version 8.5, as a temporary workaround, consider restricting access to the Fix Central download feature until a patch is available. Avoid using the satask downloadsoftware command or the "Obtain the package directly" option in the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2023-07472
CVE-2023-27870

Affected Products

IBM Spectrum Virtualize