CVE-2023-6538
Published 2023-12-11
Priority: P3 (44) · 6.5 medium (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploit
EPSS: 1.58% (72.5th percentile)
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi | system_management_unit_firmware | < 14.8.7825.01 | 14.8.7825.01 |
| hitachi_vantara | system_management_unit | >= 6.0 < 14.8.7825.01 | 14.8.7825.01 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| osv | | 4.3 | MEDIUM | |
OSV
postgresql-10 vulnerabilities (osv · 2024-01-17 · CVSS 4.3 · CVE-2023-5868)
USN-6538-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 18.04 LTS.
Original advisory details:
Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-5868)
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. (CVE-2023-5869)
Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations. (CVE-20
GHSA
GHSA-6r92-968h-m757 (ghsa_unreviewed · 2023-12-11): CVE-2023-6538 [HIGH] · CWE-285 (Improper Authorization)
No detection rules found.
No writeups or analysis indexed.
https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data.