Use of Hard-coded Password

CVE-2023-50948

Medium

6.5/10

Summary

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-259 - Use of Hard-coded Password

The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

References

Advisory Timeline

Published Jan 08, 2024

Use of Hard-coded Password

CVE-2023-50948

Summary

CWE-259 - Use of Hard-coded Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS