Search criteria
16 vulnerabilities found for Storage Virtualize by IBM
CVE-2025-36118 (GCVE-0-2025-36118)
Vulnerability from cvelistv5 – Published: 2025-11-17 20:47 – Updated: 2025-11-17 20:57
VLAI?
Summary
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
Severity ?
7.5 (High)
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.4
Affected: 8.5 Affected: 8.7 Affected: 9.1 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:9.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T20:57:15.560154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:57:45.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:9.1:*:*:*:*:*:*:*"
],
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.7"
},
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.\u003c/p\u003e"
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:47:48.824Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250954"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table. Affected Version(s) Fixed Version 8.4.0.0-8.4.0.9 8.4.0.10 8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.0-8.4.3.1 8.5.0.7 8.5.0.0-8.5.0.6 8.5.0.7 8.5.1.0 8.5.2.0, 8.6.0.0 8.7.0.0-8.7.0.7 8.7.0.8 8.7.1.0, 8.7.2.0-8.7.2.1 9.1.0.2 9.1.0.0-9.1.0.1 9.1.0.2, 9.1.1.0 Latest IBM SAN Volume Controller Code Latest IBM Storwize V7000 Code Latest IBM Storwize V5000 and V5100 Code Latest IBM Storwize V5000E Code Latest IBM FlashSystem 9500 Code Latest IBM FlashSystem 9100 Family Code Latest IBM FlashSystem 9200 Code Latest IBM FlashSystem 7300 Code Latest IBM FlashSystem 7200 Code Latest IBM FlashSystem 5000 and 5200 Code Latest IBM FlashSystem 5300 Code Latest IBM Storage Virtualize for Public Cloud\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table. Affected Version(s) Fixed Version 8.4.0.0-8.4.0.9 8.4.0.10 8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.0-8.4.3.1 8.5.0.7 8.5.0.0-8.5.0.6 8.5.0.7 8.5.1.0 8.5.2.0, 8.6.0.0 8.7.0.0-8.7.0.7 8.7.0.8 8.7.1.0, 8.7.2.0-8.7.2.1 9.1.0.2 9.1.0.0-9.1.0.1 9.1.0.2, 9.1.1.0 Latest IBM SAN Volume Controller Code Latest IBM Storwize V7000 Code Latest IBM Storwize V5000 and V5100 Code Latest IBM Storwize V5000E Code Latest IBM FlashSystem 9500 Code Latest IBM FlashSystem 9100 Family Code Latest IBM FlashSystem 9200 Code Latest IBM FlashSystem 7300 Code Latest IBM FlashSystem 7200 Code Latest IBM FlashSystem 5000 and 5200 Code Latest IBM FlashSystem 5300 Code Latest IBM Storage Virtualize for Public Cloud"
}
],
"title": "IBM Storage Virtualize Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36118",
"datePublished": "2025-11-17T20:47:48.824Z",
"dateReserved": "2025-04-15T21:16:17.124Z",
"dateUpdated": "2025-11-17T20:57:45.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36120 (GCVE-0-2025-36120)
Vulnerability from cvelistv5 – Published: 2025-08-18 13:39 – Updated: 2025-08-19 03:55
VLAI?
Summary
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
Severity ?
8.8 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.4
Affected: 8.5 Affected: 8.6 Affected: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T03:55:31.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:39:41.381Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240796"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Version(s)\u003c/td\u003e\u003ctd\u003eFixed Version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.0.0-8.4.0.17\u003c/td\u003e\u003ctd\u003e8.4.0.18\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.1\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.0.0-8.5.0.15\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.0.0-8.6.0.8\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.0.0-8.7.0.5\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.2\u003c/td\u003e\u003ctd\u003e8.7.3.3\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s)Fixed Version8.4.0.0-8.4.0.178.4.0.188.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.18.5.0.168.5.0.0-8.5.0.158.5.0.168.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.08.6.0.98.6.0.0-8.6.0.88.6.0.98.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.08.7.0.68.7.0.0-8.7.0.58.7.0.68.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.28.7.3.3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36120",
"datePublished": "2025-08-18T13:39:41.381Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2025-08-19T03:55:31.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1351 (GCVE-0-2025-1351)
Vulnerability from cvelistv5 – Published: 2025-07-07 16:41 – Updated: 2025-08-24 11:32
VLAI?
Summary
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
Severity ?
6.7 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5
Affected: 8.6 Affected: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T03:55:22.034518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:31.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Storage Virtualize 8.5, 8.6, and 8.7 products \u003c/span\u003ecould allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:32:40.044Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237157"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003cbr\u003e\u003cbr\u003eAffected Version(s) Fixed Version\u003cbr\u003e8.5.0.0-8.5.0.14 8.5.0.15\u003cbr\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\u003cbr\u003e8.6.0.0-8.6.0.7 8.6.0.8\u003cbr\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\u003cbr\u003e8.7.0.0-8.7.0.4 8.7.0.5\u003cbr\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s) Fixed Version\n8.5.0.0-8.5.0.14 8.5.0.15\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\n8.6.0.0-8.6.0.7 8.6.0.8\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\n8.7.0.0-8.7.0.4 8.7.0.5\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1351",
"datePublished": "2025-07-07T16:41:23.342Z",
"dateReserved": "2025-02-15T15:14:08.079Z",
"dateUpdated": "2025-08-24T11:32:40.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0160 (GCVE-0-2025-0160)
Vulnerability from cvelistv5 – Published: 2025-02-28 19:02 – Updated: 2025-02-28 19:50
VLAI?
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
Severity ?
8.1 (High)
CWE
- CWE-114 - Process Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5.0.0 , ≤ 8.5.0.13
(semver)
Affected: 8.5.1.0 Affected: 8.5.2.0 , ≤ 8.5.2.3 (semver) Affected: 8.5.3.0 , ≤ 8.5.3.1 (semver) Affected: 8.5.4.0 Affected: 8.6.0.0 , ≤ 8.6.0.5 (semver) Affected: 8.6.1.0 Affected: 8.6.2.0 , ≤ 8.6.2.1 (semver) Affected: 8.6.3.0 Affected: 8.7.1.0 Affected: 8.7.2.0 , ≤ 8.7.2.1 (semver) cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:50:26.610723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:50:37.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114 Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:02:50.019Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0160",
"datePublished": "2025-02-28T19:02:50.019Z",
"dateReserved": "2024-12-31T19:09:08.170Z",
"dateUpdated": "2025-02-28T19:50:37.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0159 (GCVE-0-2025-0159)
Vulnerability from cvelistv5 – Published: 2025-02-28 19:01 – Updated: 2025-03-07 04:55
VLAI?
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
Severity ?
9.1 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5.0.0 , ≤ 8.5.0.13
(semver)
Affected: 8.5.1.0 Affected: 8.5.2.0 , ≤ 8.5.2.3 (semver) Affected: 8.5.3.0 , ≤ 8.5.3.1 (semver) Affected: 8.5.4.0 Affected: 8.6.0.0 , ≤ 8.6.0.5 (semver) Affected: 8.6.1.0 Affected: 8.6.2.0 , ≤ 8.6.2.1 (semver) Affected: 8.6.3.0 Affected: 8.7.1.0 Affected: 8.7.2.0 , ≤ 8.7.2.1 (semver) cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T04:55:48.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:01:26.669Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0159",
"datePublished": "2025-02-28T19:01:26.669Z",
"dateReserved": "2024-12-31T19:09:07.200Z",
"dateUpdated": "2025-03-07T04:55:48.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39723 (GCVE-0-2024-39723)
Vulnerability from cvelistv5 – Published: 2024-07-08 00:38 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
Severity ?
4.6 (Medium)
CWE
- CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.6
cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T13:38:32.682285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:38:50.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T00:38:47.786Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39723",
"datePublished": "2024-07-08T00:38:47.786Z",
"dateReserved": "2024-06-28T09:34:20.322Z",
"dateUpdated": "2024-08-02T04:26:16.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47700 (GCVE-0-2023-47700)
Vulnerability from cvelistv5 – Published: 2024-02-07 16:20 – Updated: 2024-08-22 13:57
VLAI?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:32:51.935204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:57:17.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T16:20:32.473Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47700",
"datePublished": "2024-02-07T16:20:32.473Z",
"dateReserved": "2023-11-09T11:30:56.581Z",
"dateUpdated": "2024-08-22T13:57:17.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43042 (GCVE-0-2023-43042)
Vulnerability from cvelistv5 – Published: 2023-12-14 00:46 – Updated: 2025-05-22 17:54
VLAI?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
Severity ?
7.5 (High)
CWE
- CWE-1393 - Use of Default Password
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:54:10.875552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:54:36.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T00:46:31.831Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-43042",
"datePublished": "2023-12-14T00:46:31.831Z",
"dateReserved": "2023-09-15T01:12:19.598Z",
"dateUpdated": "2025-05-22T17:54:36.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36118 (GCVE-0-2025-36118)
Vulnerability from nvd – Published: 2025-11-17 20:47 – Updated: 2025-11-17 20:57
VLAI?
Summary
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
Severity ?
7.5 (High)
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.4
Affected: 8.5 Affected: 8.7 Affected: 9.1 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:9.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T20:57:15.560154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:57:45.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:9.1:*:*:*:*:*:*:*"
],
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.7"
},
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.\u003c/p\u003e"
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:47:48.824Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250954"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table. Affected Version(s) Fixed Version 8.4.0.0-8.4.0.9 8.4.0.10 8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.0-8.4.3.1 8.5.0.7 8.5.0.0-8.5.0.6 8.5.0.7 8.5.1.0 8.5.2.0, 8.6.0.0 8.7.0.0-8.7.0.7 8.7.0.8 8.7.1.0, 8.7.2.0-8.7.2.1 9.1.0.2 9.1.0.0-9.1.0.1 9.1.0.2, 9.1.1.0 Latest IBM SAN Volume Controller Code Latest IBM Storwize V7000 Code Latest IBM Storwize V5000 and V5100 Code Latest IBM Storwize V5000E Code Latest IBM FlashSystem 9500 Code Latest IBM FlashSystem 9100 Family Code Latest IBM FlashSystem 9200 Code Latest IBM FlashSystem 7300 Code Latest IBM FlashSystem 7200 Code Latest IBM FlashSystem 5000 and 5200 Code Latest IBM FlashSystem 5300 Code Latest IBM Storage Virtualize for Public Cloud\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table. Affected Version(s) Fixed Version 8.4.0.0-8.4.0.9 8.4.0.10 8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.0-8.4.3.1 8.5.0.7 8.5.0.0-8.5.0.6 8.5.0.7 8.5.1.0 8.5.2.0, 8.6.0.0 8.7.0.0-8.7.0.7 8.7.0.8 8.7.1.0, 8.7.2.0-8.7.2.1 9.1.0.2 9.1.0.0-9.1.0.1 9.1.0.2, 9.1.1.0 Latest IBM SAN Volume Controller Code Latest IBM Storwize V7000 Code Latest IBM Storwize V5000 and V5100 Code Latest IBM Storwize V5000E Code Latest IBM FlashSystem 9500 Code Latest IBM FlashSystem 9100 Family Code Latest IBM FlashSystem 9200 Code Latest IBM FlashSystem 7300 Code Latest IBM FlashSystem 7200 Code Latest IBM FlashSystem 5000 and 5200 Code Latest IBM FlashSystem 5300 Code Latest IBM Storage Virtualize for Public Cloud"
}
],
"title": "IBM Storage Virtualize Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36118",
"datePublished": "2025-11-17T20:47:48.824Z",
"dateReserved": "2025-04-15T21:16:17.124Z",
"dateUpdated": "2025-11-17T20:57:45.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36120 (GCVE-0-2025-36120)
Vulnerability from nvd – Published: 2025-08-18 13:39 – Updated: 2025-08-19 03:55
VLAI?
Summary
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
Severity ?
8.8 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.4
Affected: 8.5 Affected: 8.6 Affected: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T03:55:31.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:39:41.381Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240796"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Version(s)\u003c/td\u003e\u003ctd\u003eFixed Version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.0.0-8.4.0.17\u003c/td\u003e\u003ctd\u003e8.4.0.18\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.1\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.0.0-8.5.0.15\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.0.0-8.6.0.8\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.0.0-8.7.0.5\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.2\u003c/td\u003e\u003ctd\u003e8.7.3.3\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s)Fixed Version8.4.0.0-8.4.0.178.4.0.188.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.18.5.0.168.5.0.0-8.5.0.158.5.0.168.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.08.6.0.98.6.0.0-8.6.0.88.6.0.98.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.08.7.0.68.7.0.0-8.7.0.58.7.0.68.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.28.7.3.3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36120",
"datePublished": "2025-08-18T13:39:41.381Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2025-08-19T03:55:31.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1351 (GCVE-0-2025-1351)
Vulnerability from nvd – Published: 2025-07-07 16:41 – Updated: 2025-08-24 11:32
VLAI?
Summary
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
Severity ?
6.7 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5
Affected: 8.6 Affected: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T03:55:22.034518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:31.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Storage Virtualize 8.5, 8.6, and 8.7 products \u003c/span\u003ecould allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:32:40.044Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237157"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003cbr\u003e\u003cbr\u003eAffected Version(s) Fixed Version\u003cbr\u003e8.5.0.0-8.5.0.14 8.5.0.15\u003cbr\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\u003cbr\u003e8.6.0.0-8.6.0.7 8.6.0.8\u003cbr\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\u003cbr\u003e8.7.0.0-8.7.0.4 8.7.0.5\u003cbr\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s) Fixed Version\n8.5.0.0-8.5.0.14 8.5.0.15\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\n8.6.0.0-8.6.0.7 8.6.0.8\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\n8.7.0.0-8.7.0.4 8.7.0.5\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1351",
"datePublished": "2025-07-07T16:41:23.342Z",
"dateReserved": "2025-02-15T15:14:08.079Z",
"dateUpdated": "2025-08-24T11:32:40.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0160 (GCVE-0-2025-0160)
Vulnerability from nvd – Published: 2025-02-28 19:02 – Updated: 2025-02-28 19:50
VLAI?
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
Severity ?
8.1 (High)
CWE
- CWE-114 - Process Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5.0.0 , ≤ 8.5.0.13
(semver)
Affected: 8.5.1.0 Affected: 8.5.2.0 , ≤ 8.5.2.3 (semver) Affected: 8.5.3.0 , ≤ 8.5.3.1 (semver) Affected: 8.5.4.0 Affected: 8.6.0.0 , ≤ 8.6.0.5 (semver) Affected: 8.6.1.0 Affected: 8.6.2.0 , ≤ 8.6.2.1 (semver) Affected: 8.6.3.0 Affected: 8.7.1.0 Affected: 8.7.2.0 , ≤ 8.7.2.1 (semver) cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:50:26.610723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:50:37.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114 Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:02:50.019Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0160",
"datePublished": "2025-02-28T19:02:50.019Z",
"dateReserved": "2024-12-31T19:09:08.170Z",
"dateUpdated": "2025-02-28T19:50:37.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0159 (GCVE-0-2025-0159)
Vulnerability from nvd – Published: 2025-02-28 19:01 – Updated: 2025-03-07 04:55
VLAI?
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
Severity ?
9.1 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5.0.0 , ≤ 8.5.0.13
(semver)
Affected: 8.5.1.0 Affected: 8.5.2.0 , ≤ 8.5.2.3 (semver) Affected: 8.5.3.0 , ≤ 8.5.3.1 (semver) Affected: 8.5.4.0 Affected: 8.6.0.0 , ≤ 8.6.0.5 (semver) Affected: 8.6.1.0 Affected: 8.6.2.0 , ≤ 8.6.2.1 (semver) Affected: 8.6.3.0 Affected: 8.7.1.0 Affected: 8.7.2.0 , ≤ 8.7.2.1 (semver) cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T04:55:48.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:01:26.669Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0159",
"datePublished": "2025-02-28T19:01:26.669Z",
"dateReserved": "2024-12-31T19:09:07.200Z",
"dateUpdated": "2025-03-07T04:55:48.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39723 (GCVE-0-2024-39723)
Vulnerability from nvd – Published: 2024-07-08 00:38 – Updated: 2024-08-02 04:26
VLAI?
Summary
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
Severity ?
4.6 (Medium)
CWE
- CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.6
cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T13:38:32.682285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:38:50.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T00:38:47.786Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39723",
"datePublished": "2024-07-08T00:38:47.786Z",
"dateReserved": "2024-06-28T09:34:20.322Z",
"dateUpdated": "2024-08-02T04:26:16.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47700 (GCVE-0-2023-47700)
Vulnerability from nvd – Published: 2024-02-07 16:20 – Updated: 2024-08-22 13:57
VLAI?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:32:51.935204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:57:17.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T16:20:32.473Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47700",
"datePublished": "2024-02-07T16:20:32.473Z",
"dateReserved": "2023-11-09T11:30:56.581Z",
"dateUpdated": "2024-08-22T13:57:17.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43042 (GCVE-0-2023-43042)
Vulnerability from nvd – Published: 2023-12-14 00:46 – Updated: 2025-05-22 17:54
VLAI?
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
Severity ?
7.5 (High)
CWE
- CWE-1393 - Use of Default Password
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:54:10.875552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:54:36.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T00:46:31.831Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-43042",
"datePublished": "2023-12-14T00:46:31.831Z",
"dateReserved": "2023-09-15T01:12:19.598Z",
"dateUpdated": "2025-05-22T17:54:36.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}