CVE-2024-39723 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.6 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ibm	CNA	4.6 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Vendor	Product	Version
ibm	storage_virtualize	8.6

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.
CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/295935

https://www.ibm.com/support/pages/node/7159333

https://exchange.xforce.ibmcloud.com/vulnerabilities/295935

https://www.ibm.com/support/pages/node/7159333