{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-43040", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-09-15T01:12:19.597Z", "datePublished": "2024-05-13T02:18:30.967Z", "dateUpdated": "2025-11-04T19:25:09.433Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Spectrum Fusion HCI", "vendor": "IBM", "versions": [{"lessThanOrEqual": "2.7.2", "status": "affected", "version": "2.5.2", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Josh Baergen, Lucas Henry, and Michael Steger - Digital Ocean"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807."}], "value": "IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1220", "description": "CWE-1220 Insufficient Granularity of Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-13T02:18:30.967Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7151040"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Spectrum Fusion HCI improper access control", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43040", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T16:41:59.307519Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:spectrum_fusion_hci:2.5.2:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "spectrum_fusion_hci", "versions": [{"status": "affected", "version": "2.5.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:25:54.095Z"}}, {"title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7151040"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T19:25:09.433Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7151040", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T19:25:09.433Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43040", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T16:41:59.307519Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:spectrum_fusion_hci:2.5.2:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "spectrum_fusion_hci", "versions": [{"status": "affected", "version": "2.5.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-13T16:44:45.634Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "IBM Spectrum Fusion HCI improper access control", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Josh Baergen, Lucas Henry, and Michael Steger - Digital Ocean"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "Spectrum Fusion HCI", "versions": [{"status": "affected", "version": "2.5.2", "versionType": "semver", "lessThanOrEqual": "2.7.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7151040", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.", "supportingMedia": [{"type": "text/html", "value": "IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1220", "description": "CWE-1220 Insufficient Granularity of Access Control"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-13T02:18:30.967Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43040", "state": "PUBLISHED", "dateUpdated": "2025-11-04T19:25:09.433Z", "dateReserved": "2023-09-15T01:12:19.597Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-05-13T02:18:30.967Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storage_fusion_hci:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFB9D65D-60C4-40B6-86A0-E2D2CDFCDF3A", "versionEndExcluding": "2.8.0", "versionStartIncluding": "2.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807."}, {"lang": "es", "value": "IBM Spectrum Fusion HCI 2.5.2 a 2.7.2 podr\u00eda permitir que un atacante realice acciones no autorizadas en RGW para Ceph debido a un acceso inadecuado al dep\u00f3sito. ID de IBM X-Force: 266807."}], "id": "CVE-2023-43040", "lastModified": "2025-11-04T20:17:06.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T13:46:23.767", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7151040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7151040"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1220"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0745", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "ceph-2:16.2.10-248.el9cp", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2024-02-08T00:00:00Z"}, {"advisory": "RHSA-2024:0745", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "ceph-ansible-0:6.0.28.7-1.el8cp", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2024-02-08T00:00:00Z"}, {"advisory": "RHSA-2024:0745", "cpe": "cpe:/a:redhat:ceph_storage:5.3::el8", "package": "haproxy-0:2.2.19-5.el8cp", "product_name": "Red Hat Ceph Storage 5.3", "release_date": "2024-02-08T00:00:00Z"}, {"advisory": "RHSA-2023:5693", "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9", "package": "ceph-2:17.2.6-148.el9cp", "product_name": "Red Hat Ceph Storage 6.1", "release_date": "2023-10-12T00:00:00Z"}], "bugzilla": {"description": "rgw: improperly verified POST keys", "id": "2216855", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216855"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "details": ["IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.", "A flaw was found in rgw. This flaw allows an unprivileged user to write to any bucket(s) accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket accessible by the specified access key as long as the bucket in the POST policy matches the bucket in the said POST form part."], "name": "CVE-2023-43040", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Will not fix", "package_name": "librgw2", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Affected", "package_name": "librgw2", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "librgw2", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "librgw2", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2023-09-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-43040\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-43040\nhttps://seclists.org/oss-sec/2023/q3/239"], "threat_severity": "Moderate"}