CVE-2023-43040

EPSS 5.75%
Veröffentlicht 14.05.2024 13:46:23
Zuletzt bearbeitet 04.11.2025 20:17:06
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM Spectrum Fusion HCI improper access control

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access.  IBM X-Force ID:  266807.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Storage Fusion Hci Version >= 2.5.2 < 2.8.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.75%	0.905

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE-1220 Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/266807

Vendor Advisory

https://www.ibm.com/support/pages/node/7151040

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html

https://nvd.nist.gov/vuln/detail/CVE-2023-43040

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-43040

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-43040

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-43040