What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2023-40368.

What is the affected software for this vulnerability?

The affected software for this vulnerability is IBM Storage Protect Client version 8.1.0.0 through 8.1.19.0.

What is the severity of CVE-2023-40368?

The severity of CVE-2023-40368 is medium (4.4).

How can a privileged user obtain sensitive information from the IBM Storage Protect Client?

A privileged user can obtain sensitive information from the IBM Storage Protect Client through the administrative command line client.

Is there any reference material available for this vulnerability?

Yes, you can find reference material for this vulnerability at the following links: [link1](https://exchange.xforce.ibmcloud.com/vulnerabilities/263456), [link2](https://www.ibm.com/support/pages/node/7034288).

Vulnerability/
CVE-2023-40368

medium

4.4

CWE

200

20/9/2023

24/9/2024

CVE-2023-40368: IBM Storage Protect information disclosure

First published: Wed Sep 20 2023(Updated: )

IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.

Credit: psirt@us.ibm.com psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Storage Protect	>=8.1.0.0<=8.1.19.0
IBM Storage Protect Client	<=8.1.0.0 - 8.1.19.0
IBM Storage Protect for Space Management	<=8.1.0.0 - 8.1.19.0
IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V	<=8.1.0.0 - 8.1.19.0
IBM Storage Protect for Virtual Environments: Data Protection for VMware	<=8.1.0.0 - 8.1.19.0

Remedy

https://www.ibm.com/support/pages/node/7034288

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7034288

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2023-40368.
What is the affected software for this vulnerability?
The affected software for this vulnerability is IBM Storage Protect Client version 8.1.0.0 through 8.1.19.0.
What is the severity of CVE-2023-40368?
The severity of CVE-2023-40368 is medium (4.4).
How can a privileged user obtain sensitive information from the IBM Storage Protect Client?
A privileged user can obtain sensitive information from the IBM Storage Protect Client through the administrative command line client.
Is there any reference material available for this vulnerability?
Yes, you can find reference material for this vulnerability at the following links: [link1](https://exchange.xforce.ibmcloud.com/vulnerabilities/263456), [link2](https://www.ibm.com/support/pages/node/7034288).

agent/references
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/remedy
agent/title
agent/description
agent/first-publish-date
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
vendor/ibm
canonical/ibm storage protect client
version/ibm storage protect client/8.1.0.0 - 8.1.19.0
canonical/ibm storage protect for space management
version/ibm storage protect for space management/8.1.0.0 - 8.1.19.0
canonical/ibm storage protect for virtual environments: data protection for microsoft hyper-v
version/ibm storage protect for virtual environments: data protection for microsoft hyper-v/8.1.0.0 - 8.1.19.0
canonical/ibm storage protect for virtual environments: data protection for vmware
version/ibm storage protect for virtual environments: data protection for vmware/8.1.0.0 - 8.1.19.0
canonical/ibm storage protect
version/ibm storage protect/8.1.0.0
version/ibm storage protect/8.1.19.0