CVE-2023-49877

{"id": "CVE-2023-49877", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-12-13T21:15:08.040", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272651", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7092383", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651."}, {"lang": "es", "value": "IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED y 3957-VEC podr\u00eda permitir que un usuario autenticado remotamente obtenga informaci\u00f3n confidencial, causada por un filtrado inadecuado de las URL. Al enviar una solicitud HTTP GET especialmente manipulada, un atacante podr\u00eda aprovechar esta vulnerabilidad para ver el c\u00f3digo fuente de la aplicaci\u00f3n, informaci\u00f3n de configuraci\u00f3n del sistema u otros datos confidenciales relacionados con la interfaz de administraci\u00f3n. ID de IBM X-Force: 272651."}], "lastModified": "2023-12-19T02:08:47.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7760_3957-vec_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6AE6909-E2BD-4E40-ACCF-42539FC45520", "versionEndIncluding": "8.52.103.23"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7760_3957-vec:r5.2.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1F27A40-DCF1-49D5-8550-C9135A7775C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7760_3957-vec_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D6C62B2-B179-40AE-8D3E-0C1C44B129C7", "versionEndIncluding": "8.53.1.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7760_3957-vec:r5.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75A467BF-72F2-428C-AD92-DAD31C5D1E6B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3957-ved_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CA58C54-0E7F-40F6-9204-8961A58BCECA", "versionEndIncluding": "8.52.103.23"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3957-ved:r5.2.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F009408-2553-4A3D-808A-E390295A66E0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3957-ved_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E04A6F2B-1762-48FD-A794-9E01D1D9E3C3", "versionEndIncluding": "8.53.1.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3957-ved:r5.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "29DAE222-4508-4BCA-B17D-2CEBF1A34B4A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3948-ved_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DA59D69-2B5C-4728-AF12-6C7D59A9CD38", "versionEndIncluding": "8.53.1.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3948-ved:r5.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FCDA91D5-7A2D-4047-B3FB-21EF8274C2AA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}