cve/2023/CVE-2023-39379.md

### [CVE-2023-39379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39379)
![](https://img.shields.io/static/v1?label=Product&message=Fujitsu%20Software%20Infrastructure%20Manager%20Advanced%20Edition%20for%20PRIMEFLEX&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Fujitsu%20Software%20Infrastructure%20Manager%20Advanced%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Fujitsu%20Software%20Infrastructure%20Manager%20Essential%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20V2.8.0.060%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cleartext%20storage%20of%20sensitive%20information&color=brighgreen)

### Description

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds