Main Vulnerability Database Vulnerabilities #VU94638

#VU94638 Improper Authentication in Storage Virtualize - CVE-2024-39723

Published: July 22, 2024

Vulnerability identifier: #VU94638

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-39723

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Storage Virtualize

Software vendor:
IBM Corporation

Description

The vulnerability allows a user with physical access to the system to bypass authentication process.

The vulnerability exists due to IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled. A user with physical access to the system can use the USB port to cause loss of access to data.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/7159333
https://exchange.xforce.ibmcloud.com/vulnerabilities/295935

#VU94638 Improper Authentication in Storage Virtualize - CVE-2024-39723

Description

Remediation

External links

Please verify you're human