#VU91591 Information disclosure in IBM Corporation products - CVE-2023-49877


Vulnerability identifier: #VU91591

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-49877

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Virtualization Engine TS7700 3957-VEC (Hardware solutions / Firmware)
Virtualization Engine TS7700 3957-VED (Hardware solutions / Firmware)
IBM Virtualization Engine TS7700 3948-VED (Other software / Other software solutions)

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to improper filtering of URLs. A remote user can submit a specially crafted HTTP GET request to view application source code, system configuration information, or other sensitive data related to the Management Interface.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Virtualization Engine TS7700 3957-VEC: before 8.52.103.23

IBM Virtualization Engine TS7700 3948-VED: before 8.53.1.21

Virtualization Engine TS7700 3957-VED: before 8.52.103.23


External links
https://www.ibm.com/support/pages/node/7092383
https://exchange.xforce.ibmcloud.com/vulnerabilities/272651


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

