IBM Storage Scale up to 5.1.9.2 session fixiation

Summaryinfo

A vulnerability classified as critical was found in IBM Storage Scale up to 5.1.9.2. The impacted element is an unknown function. The manipulation results in session fixiation. This vulnerability is known as CVE-2023-38002. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in IBM Storage Scale up to 5.1.9.2. It has been classified as critical. Affected is an unknown function. The manipulation with an unknown input leads to a session fixiation vulnerability. CWE is classifying the issue as CWE-384. Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.

The advisory is shared for download at ibm.com. This vulnerability is traded as CVE-2023-38002 since 07/11/2023. The exploitability is told to be difficult. It is possible to launch the attack remotely. There are neither technical details nor an exploit publicly available.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (260208). Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• IBM

Name

• Storage Scale

Version

• 5.1.9.0
• 5.1.9.1
• 5.1.9.2

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion