CVE-2023-43040

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2023-43040 DLA-3629-1 DLA-4310-1 DSA-5825-1 RHSA-2023:5693 RHSA-2024:0745

Modified

Published: 13 May 2024, 02:18

Last modified:04 Nov 2025, 19:25

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (nvd)

EPSS Score

7.59% LOW

8% probability -2.58%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 May 2024, 02:18

Published

Vulnerability first disclosed

04 Nov 2025, 19:25

Last Modified

Vulnerability information updated

Description

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 7.59%• Percentile: 92%

Techniques & Countermeasures

CWE-1220•Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

Affected Systems

ibm•spectrum fusion hci
≥ 2.5.2, ≤ 2.7.2
ibm•storage_fusion_hci
≥ 2.5.2, < 2.8.0