CVE-2023-47700— IBM Storage Virtualize improper certificate validation

IBM Storage Virtualize improper certificate validation

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

证书验证不恰当

IBM SAN Volume Controller 信任管理问题漏洞

IBM SAN Volume Controller是美国国际商业机器（IBM）公司的一套存储虚拟化系统。该系统可对存储资源实现单点控制，并支持分层存储、整合存储和灾备恢复等。 IBM SAN Volume Controller存在信任管理问题漏洞，该漏洞源于部分证书未在 IBM Storage Virtualize 产品上的 GUI 中正确验证。

N/A

N/A