SB2023091511 - Multiple vulnerabilities in IBM Storage Fusion and IBM Storage Fusion HCI 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023091511

SB2023091511 - Multiple vulnerabilities in IBM Storage Fusion and IBM Storage Fusion HCI

Published: September 15, 2023

Security Bulletin ID SB2023091511
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Inefficient Algorithmic Complexity (CVE-ID: CVE-2022-25881)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to regular expression denial of service that occurs when the server reads the cache policy from the request using this library. A remote unauthenticated attacker can send malicious request header values to the server and perform a denial of service attack.


2) Uncaught Exception (CVE-ID: CVE-2023-2251)

The vulnerability allows a remote attacker to cause a denial of service condition.

The vulnerability exists due uncaught exception in the parseDocument() and parseAllDocuments() functions. A remote unauthenticated attacker can send a specially crafted input and cause a denial of service condition.


3) Download of code without integrity check (CVE-ID: CVE-2023-29401)

The vulnerability allows a remote attacker to modify data on the system.

The vulnerability exists due to software does not perform software integrity check when downloading updates. A remote attacker with ability to perform man-in-the-middle (MitM) attack can supply a malicious software image and modify data on the system.


Remediation

Install update from vendor's website.

References