SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: HITVAN
Published: 2023-12-11T17:54:11.961Z
Updated: 2023-12-12T16:37:19.900Z
Reserved: 2023-12-05T22:12:50.307Z
Link: CVE-2023-6538
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-11T18:15:30.250
Modified: 2023-12-14T17:02:15.203
Link: CVE-2023-6538
JSON object: View
Redhat Information
No data.
CWE