PT-2024-13475 · IBM · IBM Storage Virtualize

Published 2024-02-07 · Updated 2024-02-15 · CVE-2023-47700

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

IBM SAN Volume Controller version 8.6
IBM Storwize version 8.6
IBM FlashSystem version 8.6
IBM Storage Virtualize version 8.6

Description

The issue allows a remote attacker to spoof a trusted system, because the Storwize server would not correctly validate it. This could lead to a user connecting to a malicious host, believing that it was a trusted system, and being deceived into accepting spoofed data.

Recommendations

For IBM SAN Volume Controller version 8.6, consider restricting access to the Storwize server until a patch is available.
For IBM Storwize version 8.6, consider disabling the validation mechanism temporarily to minimize the risk of exploitation.
For IBM FlashSystem version 8.6, restrict access to the system to prevent potential spoofing attacks.
For IBM Storage Virtualize version 8.6, avoid using the system for trusted connections until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2023-47700

Affected Products

IBM FlashSystem
IBM SAN Volume Controller
IBM Storage Virtualize
IBM Storwize