Skip to main content

CVE-2023-6538

Description

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-6538
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Hitachi Vantara
Severity: HIGH
CVE ID: CVE-2023-6538
CVSS Score: 7.6
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Refrence: NVDMITRE

Proof Of Concept

Arszilla

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8