CVE-2023-39379

04.08.2023, 10:15

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
jpcert	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Vendor	Product	Version
fujitsu	software_infrastructure_manager	2.8.0.060
fujitsu	software_infrastructure_manager	2.8.0.060
fujitsu	software_infrastructure_manager	2.8.0.060

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-312 - Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

https://jvn.jp/en/jp/JVN38847224/

https://support.ts.fujitsu.com/IndexProdSecurity.asp?lng=en

https://jvn.jp/en/jp/JVN38847224/

https://support.ts.fujitsu.com/IndexProdSecurity.asp?lng=en