CVE-2023-47715Improper Privilege Management in IBM Storage Protect Plus Server

CWE-269Improper Privilege Management3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 93.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Storage Protect Plus ServerIBM Storage Protect Plus
Timeline
PublishedMar 21

Description

IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/storage_protect_plus_server10.1.010.1.16
NVDibm/storage_protect_plus10.1.010.1.16

🔴Vulnerability Details

2
CVEList
IBM Storage Protect Plus Server improper access control2024-03-21
GHSA
GHSA-4pmx-x3px-qgrr: IBM Storage Protect Plus Server 102024-03-21
CVE-2023-47715 — Improper Privilege Management in IBM | cvebase