Unintended Information Disclosure Vulnerability in SMU Versions Prior to 14.8.7825.01

Unintended Information Disclosure Vulnerability in SMU Versions Prior to 14.8.7825.01

CVE-2023-6538 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

Learn more about our Cis Benchmark Audit For Server Software.