Information Exposure Through an Error Message in products

#VU91590 Information Exposure Through an Error Message in products

Cybersecurity Help s.r.o.

Published: 2024-06-10

Vulnerability identifier: #VU91590

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49878

CWE-ID: CWE-209

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Virtualization Engine TS7700 3957-VEC
Hardware solutions / Firmware
Virtualization Engine TS7700 3957-VED
Hardware solutions / Firmware
IBM Virtualization Engine TS7700 3948-VED
Other software / Other software solutions

Vendor:

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability occurs when a detailed technical error message is returned in the browser. A remote user can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://www.ibm.com/support/pages/node/7092383
http://exchange.xforce.ibmcloud.com/vulnerabilities/272652

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM System Storage Virtualization Engine TS7700