CVE-2023-49878 – IBM System Storage Virtualization Engine information disclosure
https://notcve.org/view.php?id=CVE-2023-49878
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 272652.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/272652
• https://www.ibm.com/support/pages/node/7092383
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2023-49877 – IBM System Storage Virtualization Engine information disclosure
https://notcve.org/view.php?id=CVE-2023-49877
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/272651
• https://www.ibm.com/support/pages/node/7092383
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-24958 – IBM TS7700 Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-24958
A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/246320
• https://www.ibm.com/support/pages/node/6980845
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')