CVE-2023-43042

IBM Storage Virtualize information disclosure

CVSS 7.5 HIGH · EPSS 0.7% · CWE-1393
In short

IBM storage systems come with default passwords for privileged accounts that are never changed during setup, allowing unauthorized access to critical storage infrastructure.

Technical detail

The vulnerability stems from hardcoded default credentials for elevated user accounts in IBM SAN Volume Controller, Storwize, FlashSystem, and Storage Virtualize 8.3. An attacker with network access to the management interface can authenticate using these publicly known defaults, gaining privileged control over storage resources and sensitive data.

Summary generated and translated by AI from the official description.
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
IBM · Storage Virtualize
