CVE-2023-47148 MEDIUM

CVE-2023-47148: IBM Storage Protect Plus Server information disclosure

Vendor Ibm
Product Storage Protect Plus Server
Weakness CWE-862 · Missing authorization
Published February 2, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599.

Key dates

02Disclosure timeline

February 2, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-64222 WordPress WooCommerce Recover Abandoned Cart plugin <= 24.6.0 - Arbitrary Content Deletion vulnerability CVE-2025-3952 Projectopia &#8211; WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion CVE-2022-41272 CVE-2023-51360 WordPress Essential Blocks plugin <= 4.2.0 - Multiple Subscriber+ Broken Access Control vulnerability CVE-2023-0715 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder