CVE-2023-40371Use of a Broken or Risky Cryptographic Algorithm in IBM Vios

CWE-327Use of a Broken or Risky Cryptographic AlgorithmCWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.2
EPSS
0.0%
top 98.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM AIXIBM Vios
Timeline
PublishedAug 24

Description

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDibm/vios3.1
CVEListV5ibm/aix7.2, 7.3, VIOS 3.1
NVDibm/aix7.2, 7.3+1

🔴Vulnerability Details

2
GHSA
GHSA-gv29-2vcq-f68m: IBM AIX 72023-08-24
CVEList
IBM AIX information disclosure2023-08-24
CVE-2023-40371 — IBM Vios vulnerability | cvebase