CVE-2023-47700 — MEDIUM (5.9)

Vulnerability Description

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Storage Virtualize	8.6

Related Weaknesses (CWE)

CWE-295

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/271016VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/7114767Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/271016VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/7114767Vendor Advisory

FAQ

What is CVE-2023-47700?

CVE-2023-47700 is a vulnerability with a CVSS score of 5.9 (MEDIUM). IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the St...

How severe is CVE-2023-47700?

CVE-2023-47700 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-47700?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Storage Virtualize.