CVE-2023-47715: IBM Storage Protect Plus Server improper access control
First published: Wed Mar 20 2024(Updated: )
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Storage Protect Plus | >=10.1.0<=10.1.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-47715?
CVE-2023-47715 has been categorized as a medium severity vulnerability.
How do I fix CVE-2023-47715?
To fix CVE-2023-47715, upgrade IBM Storage Protect Plus Server to version 10.1.17 or later.
Who is affected by CVE-2023-47715?
CVE-2023-47715 affects IBM Storage Protect Plus Server versions 10.1.0 through 10.1.16.
What type of vulnerability is CVE-2023-47715?
CVE-2023-47715 is a configuration manipulation vulnerability that allows unauthorized changes by authenticated users.
Can read-only authenticated users exploit CVE-2023-47715?
Yes, authenticated users with read-only permissions can exploit CVE-2023-47715 to modify HyperVisor configurations.
- agent/title
- agent/references
- agent/type
- collector/ibm-support
- source/IBM
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/ibm
- canonical/ibm storage protect plus
- version/ibm storage protect plus/10.1.0
- version/ibm storage protect plus/10.1.16