Rewterz Threat Advisory – Multiple IBM AIX Vulnerabilities
December 14, 2023
Severity
Medium
Analysis Summary
CVE-2023-45184 CVSS:6.2
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks.
CVE-2023-49878 CVSS:4.3
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2023-43843 CVSS:5.9
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2023-49877 CVSS:4.3
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-45184
- CVE-2023-49878
- CVE-2023-43843
- CVE-2023-49877
Affected Vendors
IBM
Affected Products
- IBM i Access Client Solutions 1.1.2
- IBM i Access Client Solutions 1.1.4
- IBM i Access Client Solutions 1.1.4.3
- IBM i Access Client Solutions 1.1.9.3
- IBM Virtualization Engine TS7700 3957-VEC 8.52.103.23
- IBM Virtualization Engine TS7700 3957-VED 8.52.103.23
- IBM Virtualization Engine TS7700 3957-VED 8.53.1.21
- IBM Virtualization Engine TS7700 3948-VED 8.53.1.21
- IBM Spectrum Scale 5.1.5.1
- IBM Spectrum Scale 5.1.5.0
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.