CVE-2023-39379 — HIGH (7.5)

Vulnerability Description

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Fujitsu	Software Infrastructure Manager	2.8.0.060

Related Weaknesses (CWE)

CWE-312

References

https://jvn.jp/en/jp/JVN38847224/Third Party Advisory
https://support.ts.fujitsu.com/IndexProdSecurity.asp?lng=enProduct
https://jvn.jp/en/jp/JVN38847224/Third Party Advisory
https://support.ts.fujitsu.com/IndexProdSecurity.asp?lng=enProduct

FAQ

What is CVE-2023-39379?

CVE-2023-39379 is a vulnerability with a CVSS score of 7.5 (HIGH). Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configu...

How severe is CVE-2023-39379?

CVE-2023-39379 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-39379?

Check the references section above for vendor advisories and patch information. Affected products include: Fujitsu Software Infrastructure Manager.