Vulnerabilites related to ibm - storage_virtualize
CVE-2025-36120 (GCVE-0-2025-36120)
Vulnerability from cvelistv5
Published
2025-08-18 13:39
Modified
2025-08-19 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Version: 8.4 Version: 8.5 Version: 8.6 Version: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T03:55:31.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:39:41.381Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240796"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Version(s)\u003c/td\u003e\u003ctd\u003eFixed Version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.0.0-8.4.0.17\u003c/td\u003e\u003ctd\u003e8.4.0.18\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.1\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.0.0-8.5.0.15\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.0.0-8.6.0.8\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.0.0-8.7.0.5\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.2\u003c/td\u003e\u003ctd\u003e8.7.3.3\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s)Fixed Version8.4.0.0-8.4.0.178.4.0.188.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.18.5.0.168.5.0.0-8.5.0.158.5.0.168.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.08.6.0.98.6.0.0-8.6.0.88.6.0.98.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.08.7.0.68.7.0.0-8.7.0.58.7.0.68.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.28.7.3.3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36120",
"datePublished": "2025-08-18T13:39:41.381Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2025-08-19T03:55:31.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1351 (GCVE-0-2025-1351)
Vulnerability from cvelistv5
Published
2025-07-07 16:41
Modified
2025-07-11 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Version: 8.5, 8.6, 8.7 cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T03:55:22.034518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:31.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5, 8.6, 8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Storage Virtualize 8.5, 8.6, and 8.7 products \u003c/span\u003ecould allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T16:41:23.342Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7237157"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003cbr\u003e\u003cbr\u003eAffected Version(s) Fixed Version\u003cbr\u003e8.5.0.0-8.5.0.14 8.5.0.15\u003cbr\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\u003cbr\u003e8.6.0.0-8.6.0.7 8.6.0.8\u003cbr\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\u003cbr\u003e8.7.0.0-8.7.0.4 8.7.0.5\u003cbr\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s) Fixed Version\n8.5.0.0-8.5.0.14 8.5.0.15\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\n8.6.0.0-8.6.0.7 8.6.0.8\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\n8.7.0.0-8.7.0.4 8.7.0.5\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1351",
"datePublished": "2025-07-07T16:41:23.342Z",
"dateReserved": "2025-02-15T15:14:08.079Z",
"dateUpdated": "2025-07-11T13:30:31.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0160 (GCVE-0-2025-0160)
Vulnerability from cvelistv5
Published
2025-02-28 19:02
Modified
2025-02-28 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-114 - Process Control
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Version: 8.5.0.0 ≤ 8.5.0.13 Version: 8.5.1.0 Version: 8.5.2.0 ≤ 8.5.2.3 Version: 8.5.3.0 ≤ 8.5.3.1 Version: 8.5.4.0 Version: 8.6.0.0 ≤ 8.6.0.5 Version: 8.6.1.0 Version: 8.6.2.0 ≤ 8.6.2.1 Version: 8.6.3.0 Version: 8.7.1.0 Version: 8.7.2.0 ≤ 8.7.2.1 cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:50:26.610723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:50:37.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114 Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:02:50.019Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0160",
"datePublished": "2025-02-28T19:02:50.019Z",
"dateReserved": "2024-12-31T19:09:08.170Z",
"dateUpdated": "2025-02-28T19:50:37.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43042 (GCVE-0-2023-43042)
Vulnerability from cvelistv5
Published
2023-12-14 00:46
Modified
2025-05-22 17:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1393 - Use of Default Password
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Version: 8.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:54:10.875552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:54:36.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T00:46:31.831Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-43042",
"datePublished": "2023-12-14T00:46:31.831Z",
"dateReserved": "2023-09-15T01:12:19.598Z",
"dateUpdated": "2025-05-22T17:54:36.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39723 (GCVE-0-2024-39723)
Vulnerability from cvelistv5
Published
2024-07-08 00:38
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
Summary
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Version: 8.6 cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T13:38:32.682285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:38:50.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T00:38:47.786Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39723",
"datePublished": "2024-07-08T00:38:47.786Z",
"dateReserved": "2024-06-28T09:34:20.322Z",
"dateUpdated": "2024-08-02T04:26:16.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47700 (GCVE-0-2023-47700)
Vulnerability from cvelistv5
Published
2024-02-07 16:20
Modified
2024-08-22 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Version: 8.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:32:51.935204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:57:17.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T16:20:32.473Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47700",
"datePublished": "2024-02-07T16:20:32.473Z",
"dateReserved": "2023-11-09T11:30:56.581Z",
"dateUpdated": "2024-08-22T13:57:17.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0159 (GCVE-0-2025-0159)
Vulnerability from cvelistv5
Published
2025-02-28 19:01
Modified
2025-03-07 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Version: 8.5.0.0 ≤ 8.5.0.13 Version: 8.5.1.0 Version: 8.5.2.0 ≤ 8.5.2.3 Version: 8.5.3.0 ≤ 8.5.3.1 Version: 8.5.4.0 Version: 8.6.0.0 ≤ 8.6.0.5 Version: 8.6.1.0 Version: 8.6.2.0 ≤ 8.6.2.1 Version: 8.6.3.0 Version: 8.7.1.0 Version: 8.7.2.0 ≤ 8.7.2.1 cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T04:55:48.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:01:26.669Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0159",
"datePublished": "2025-02-28T19:01:26.669Z",
"dateReserved": "2024-12-31T19:09:07.200Z",
"dateUpdated": "2025-03-07T04:55:48.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-02-28 19:15
Modified
2025-08-18 18:22
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7184182 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | 8.5.1.0 | |
| ibm | storage_virtualize | 8.5.3.0 | |
| ibm | storage_virtualize | 8.5.3.1 | |
| ibm | storage_virtualize | 8.5.4.0 | |
| ibm | storage_virtualize | 8.6.1.0 | |
| ibm | storage_virtualize | 8.6.2.0 | |
| ibm | storage_virtualize | 8.6.2.1 | |
| ibm | storage_virtualize | 8.6.3.0 | |
| ibm | storage_virtualize | 8.7.1.0 | |
| ibm | storage_virtualize | 8.7.2.0 | |
| ibm | storage_virtualize | 8.7.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53306313-B866-4EE7-AB3C-FA8E6C020E5E",
"versionEndExcluding": "8.5.0.14",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFABC40-3A05-4932-BDBE-44F3F764BEA6",
"versionEndIncluding": "8.5.2.3",
"versionStartIncluding": "8.5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62C6AC-E55E-4B0E-9E82-B3ACBE5813A4",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0107779-1EF3-4235-AC4A-497873B2FDDF",
"versionEndExcluding": "8.7.0.3",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1B622C-6334-4AA4-AF60-69AEAADF9E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC7842-7D7D-4D78-B017-C507DFEA11AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3CD809-194E-4413-8F9A-95CB84D32171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C50BA8E4-CB24-4AE3-BAC1-1AF4ED7D8D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7DA013-A9EC-4B48-910A-7FBF732CC911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "018447CD-A245-458F-AF29-9BDD6FBB9D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED71E5AF-8688-4E56-90D8-C7ADE1CE639F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "186BA56B-251C-4B47-8AC4-6D5ADA615F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E12C7956-C1FC-41EA-A3C1-D150A703CE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62C74286-EE16-4DE0-B170-0928639749A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81385378-8E72-4966-9126-05CD1D65F89C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
},
{
"lang": "es",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 a 8.5.0.13, 8.5.1.0, 8.5.2.0 a 8.5.2.3, 8.5.3.0 a 8.5.3.1, 8.5.4.0, 8.6.0.0 a 8.6.0.5, 8.6.1.0, 8.6.2.0 a 8.6.2.1, 8.6.3.0, 8.7.0.0 a 8.7.0.2, 8.7.1.0, 8.7.2.0 a 8.7.2.1) podr\u00eda permitir que un atacante remoto omita la autenticaci\u00f3n del endpoint RPCAdapter mediante el env\u00edo de una solicitud HTTP espec\u00edficamente manipulada."
}
],
"id": "CVE-2025-0159",
"lastModified": "2025-08-18T18:22:20.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-28T19:15:36.243",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-18 14:15
Modified
2025-08-21 19:25
Severity ?
Summary
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240796 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | 8.4.1.0 | |
| ibm | storage_virtualize | 8.4.2.0 | |
| ibm | storage_virtualize | 8.4.2.1 | |
| ibm | storage_virtualize | 8.4.3.1 | |
| ibm | storage_virtualize | 8.5.1.0 | |
| ibm | storage_virtualize | 8.5.3.0 | |
| ibm | storage_virtualize | 8.5.3.1 | |
| ibm | storage_virtualize | 8.5.4.0 | |
| ibm | storage_virtualize | 8.6.1.0 | |
| ibm | storage_virtualize | 8.6.2.0 | |
| ibm | storage_virtualize | 8.6.2.1 | |
| ibm | storage_virtualize | 8.6.3.0 | |
| ibm | storage_virtualize | 8.7.1.0 | |
| ibm | storage_virtualize | 8.7.2.0 | |
| ibm | storage_virtualize | 8.7.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E519E8-37EF-4D92-A2FD-A3385E2882D2",
"versionEndExcluding": "8.4.0.18",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02B84B12-542E-46ED-B7E8-F3DA33F53C70",
"versionEndExcluding": "8.5.0.16",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFABC40-3A05-4932-BDBE-44F3F764BEA6",
"versionEndIncluding": "8.5.2.3",
"versionStartIncluding": "8.5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D53C46-221F-47D6-A033-EC32F656E31D",
"versionEndExcluding": "8.6.0.9",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83E87C06-1327-4102-A886-81E9F175C5CE",
"versionEndExcluding": "8.7.0.6",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC16EC5-713E-4068-BC15-3B5E9AC2FCB2",
"versionEndExcluding": "8.7.3.3",
"versionStartIncluding": "8.7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B873D7F5-9F19-415B-B59C-7A246190FFD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE68C97F-22BF-40D1-BACA-C22F0BBA9F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "070055AB-6DA7-42FD-A016-973FA1B1A297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F30FFE89-CA70-4D62-9724-9905AD6C715E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1B622C-6334-4AA4-AF60-69AEAADF9E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC7842-7D7D-4D78-B017-C507DFEA11AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3CD809-194E-4413-8F9A-95CB84D32171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C50BA8E4-CB24-4AE3-BAC1-1AF4ED7D8D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7DA013-A9EC-4B48-910A-7FBF732CC911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "018447CD-A245-458F-AF29-9BDD6FBB9D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED71E5AF-8688-4E56-90D8-C7ADE1CE639F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "186BA56B-251C-4B47-8AC4-6D5ADA615F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E12C7956-C1FC-41EA-A3C1-D150A703CE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62C74286-EE16-4DE0-B170-0928639749A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81385378-8E72-4966-9126-05CD1D65F89C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
},
{
"lang": "es",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6 y 8.7 podr\u00edan permitir que un usuario autenticado aumente sus privilegios en una sesi\u00f3n SSH debido a verificaciones de autorizaci\u00f3n incorrectas para acceder a los recursos."
}
],
"id": "CVE-2025-36120",
"lastModified": "2025-08-21T19:25:01.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-08-18T14:15:29.280",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240796"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-28 19:15
Modified
2025-08-18 18:21
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7184182 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | 8.5.1.0 | |
| ibm | storage_virtualize | 8.5.3.0 | |
| ibm | storage_virtualize | 8.5.3.1 | |
| ibm | storage_virtualize | 8.5.4.0 | |
| ibm | storage_virtualize | 8.6.1.0 | |
| ibm | storage_virtualize | 8.6.2.0 | |
| ibm | storage_virtualize | 8.6.2.1 | |
| ibm | storage_virtualize | 8.6.3.0 | |
| ibm | storage_virtualize | 8.7.1.0 | |
| ibm | storage_virtualize | 8.7.2.0 | |
| ibm | storage_virtualize | 8.7.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53306313-B866-4EE7-AB3C-FA8E6C020E5E",
"versionEndExcluding": "8.5.0.14",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFABC40-3A05-4932-BDBE-44F3F764BEA6",
"versionEndIncluding": "8.5.2.3",
"versionStartIncluding": "8.5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62C6AC-E55E-4B0E-9E82-B3ACBE5813A4",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0107779-1EF3-4235-AC4A-497873B2FDDF",
"versionEndExcluding": "8.7.0.3",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1B622C-6334-4AA4-AF60-69AEAADF9E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC7842-7D7D-4D78-B017-C507DFEA11AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3CD809-194E-4413-8F9A-95CB84D32171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C50BA8E4-CB24-4AE3-BAC1-1AF4ED7D8D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7DA013-A9EC-4B48-910A-7FBF732CC911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "018447CD-A245-458F-AF29-9BDD6FBB9D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED71E5AF-8688-4E56-90D8-C7ADE1CE639F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "186BA56B-251C-4B47-8AC4-6D5ADA615F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E12C7956-C1FC-41EA-A3C1-D150A703CE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62C74286-EE16-4DE0-B170-0928639749A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81385378-8E72-4966-9126-05CD1D65F89C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
},
{
"lang": "es",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 a 8.5.0.13, 8.5.1.0, 8.5.2.0 a 8.5.2.3, 8.5.3.0 a 8.5.3.1, 8.5.4.0, 8.6.0.0 a 8.6.0.5, 8.6.1.0, 8.6.2.0 a 8.6.2.1, 8.6.3.0, 8.7.0.0 a 8.7.0.2, 8.7.1.0, 8.7.2.0 a 8.7.2.1) podr\u00eda permitir que un atacante remoto con acceso al sistema ejecute c\u00f3digo Java arbitrario debido a restricciones inadecuadas en el servicio RPCAdapter."
}
],
"id": "CVE-2025-0160",
"lastModified": "2025-08-18T18:21:59.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-28T19:15:36.393",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-114"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-07 17:15
Modified
2025-08-14 00:57
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7237157 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | 8.5 | |
| ibm | storage_virtualize | 8.6 | |
| ibm | storage_virtualize | 8.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BFB3D4-E523-43F7-A809-EDBA520EFF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9974C055-7EE5-42ED-9998-9A8F1ABBE78E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
},
{
"lang": "es",
"value": "Los productos IBM Storage Virtualize 8.5, 8.6 y 8.7 podr\u00edan permitir que un usuario aumente sus privilegios a los de otro usuario que inicie sesi\u00f3n al mismo tiempo debido a una condici\u00f3n de ejecuci\u00f3n en la funci\u00f3n de inicio de sesi\u00f3n."
}
],
"id": "CVE-2025-1351",
"lastModified": "2025-08-14T00:57:24.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-07T17:15:27.693",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7237157"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-07 17:15
Modified
2024-11-21 08:30
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/271016 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7114767 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/271016 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7114767 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | 8.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
},
{
"lang": "es",
"value": "Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.6 podr\u00edan permitir a un atacante remoto falsificar un sistema confiable que no ser\u00eda validado correctamente por el servidor Storwize. Esto podr\u00eda llevar a que un usuario se conecte a un host malicioso, creyendo que se trata de un sistema confiable y siendo enga\u00f1ado para que acepte datos falsificados. ID de IBM X-Force: 271016."
}
],
"id": "CVE-2023-47700",
"lastModified": "2024-11-21T08:30:42.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-07T17:15:09.677",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-14 01:15
Modified
2024-11-21 08:23
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/266874 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://https://www.ibm.com/support/pages/node/7064976 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/266874 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://https://www.ibm.com/support/pages/node/7064976 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | 8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F26F12-57A9-4F27-9CEC-17B73F2D976A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
},
{
"lang": "es",
"value": "Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.3 utilizan contrase\u00f1as predeterminadas para un usuario privilegiado. ID de IBM X-Force: 266874."
}
],
"id": "CVE-2023-43042",
"lastModified": "2024-11-21T08:23:38.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T01:15:07.897",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1393"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-08 01:15
Modified
2024-11-21 09:28
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7159333 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7159333 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | 8.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
},
{
"lang": "es",
"value": " Los puertos USB de IBM FlashSystem 5300 se pueden utilizar incluso si el administrador ha desactivado el puerto. Un usuario con acceso f\u00edsico al sistema podr\u00eda utilizar el puerto USB para provocar la p\u00e9rdida de acceso a los datos. ID de IBM X-Force: 295935."
}
],
"id": "CVE-2024-39723",
"lastModified": "2024-11-21T09:28:17.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-08T01:15:12.283",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1299"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}