CVE-2023-50948Use of Hard-coded Password in IBM Storage Fusion HCI

CWE-259Use of Hard-coded PasswordCWE-798Hard-coded Credentials2 documents2 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 78.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Storage Fusion HCI
Timeline
PublishedJan 8

Description

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDibm/storage_fusion_hci2.1.02.7.1
CVEListV5ibm/storage_fusion_hci2.1.02.6.1

🔴Vulnerability Details

1
GHSA
GHSA-gpcp-gx8h-767w: IBM Storage Fusion HCI 22024-01-08