Cleartext storage of sensitive information in Fujitsu Software Infrastructure Manager



Published: 2023-09-14
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-39903
CWE-ID: CWE-312
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Infrastructure Manager Advanced Edition
Server applications / Other server solutions

Infrastructure Manager Advanced Edition for PRIMEFLEX
Server applications / Other server solutions

Infrastructure Manager Essential Edition
Server applications / Other server solutions

Vendor: Fujitsu

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Cleartext storage of sensitive information

EUVDB-ID: #VU80784

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-39903

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to cleartext storage of sensitive information in the ismsnap component. A local user can retrieve the password for the proxy server that is configured in ISM.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Infrastructure Manager Advanced Edition: 2.8.0.060

Infrastructure Manager Advanced Edition for PRIMEFLEX: 2.8.0.060

Infrastructure Manager Essential Edition: 2.8.0.060

Fixed software versions

CPE2.3

External links

http://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-ISS-IS-2023-071410-Security-Notice.pdf
http://security.ts.fujitsu.com/IndexDownload.asp?SoftwareGuid=a0131919-6d84-43b4-800e-d7f78200a70f
http://www.cisa.gov/news-events/ics-advisories/icsa-23-255-02


Q & A

Can this vulnerability be exploited remotely?

Is there known malware that exploits this vulnerability?


