CVE-2023-6538

Summary

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraSystem Management Unit (SMU)6.0 < 14.8.7825.01affected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References