Permissions, Privileges, and Access Controls in Storage Protect Plus Container Agent

#VU87731 Permissions, Privileges, and Access Controls in Storage Protect Plus Container Agent

Published: 2024-03-22

Vulnerability identifier: #VU87731

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47715

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Storage Protect Plus Container Agent
Other software / Other software solutions

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to modify data on the system.

The vulnerability exists due to application does not properly impose security restrictions. An authenticated user with read-only permissions can add or delete entries from an existing HyperVisor configuration.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Storage Protect Plus Container Agent : All versions

External links
http://www.ibm.com/support/pages/node/7144861
http://exchange.xforce.ibmcloud.com/vulnerabilities/271538

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Storage Protect Plus Server