CVE-2023-46170: IBM DS8900F HMC <=89.32.40.0 Authenticated File Read
CVE-2023-46170 Published on March 7, 2024

IBM DS8900F information disclosure
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-46170 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. This issue frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. These exposures can be inadvertent (bug) or intentional (design).


Products Associated with CVE-2023-46170

Want to know whenever a new CVE is published for IBM Ds8900f Firmware? stack.watch will email you.

IBM Ds8900f Firmware
 

Affected Versions

IBM DS8900F Version 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, 89.33.48.0 is affected by CVE-2023-46170

Exploit Probability

EPSS
0.05%
Percentile
16.06%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.