Search criteria
6 vulnerabilities found for storage_fusion_hci_for_watsonx by ibm
FKIE_CVE-2025-36222
Vulnerability from fkie_nvd - Published: 2025-09-11 21:15 - Updated: 2025-10-02 19:31
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7244646 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_fusion | * | |
| ibm | storage_fusion_hci | * | |
| ibm | storage_fusion_hci_for_watsonx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2A1C1E-916D-4949-8304-D5C75FADFDD2",
"versionEndExcluding": "2.11.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_fusion_hci:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41053DB8-FC1D-4E64-A596-6632F390AC48",
"versionEndExcluding": "2.11.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF151CF6-B7C2-4A28-9D01-F04FF2DD800E",
"versionEndExcluding": "2.11.0",
"versionStartIncluding": "2.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."
}
],
"id": "CVE-2025-36222",
"lastModified": "2025-10-02T19:31:43.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.8,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-09-11T21:15:34.350",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7244646"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-22315
Vulnerability from fkie_nvd - Published: 2025-01-28 02:15 - Updated: 2025-08-19 15:51
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7179168 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_fusion | * | |
| ibm | storage_fusion_hci | * | |
| ibm | storage_fusion_hci_for_watsonx | 2.8.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D227814-2937-46C2-957C-57D4F07FB1D7",
"versionEndExcluding": "2.9.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_fusion_hci:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC1445C-4214-4080-83EF-F8F2796B29BC",
"versionEndExcluding": "2.9.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E892F5BD-4E2A-4DF7-8486-213965077B39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
},
{
"lang": "es",
"value": "IBM Fusion e IBM Fusion HCI 2.3.0 a 2.8.2 son vulnerables a una conexi\u00f3n de red insegura al permitir que un atacante que obtenga acceso a un contenedor de Fusion establezca una conexi\u00f3n de red externa."
}
],
"id": "CVE-2024-22315",
"lastModified": "2025-08-19T15:51:59.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-28T02:15:28.603",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7179168"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-923"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-36222 (GCVE-0-2025-36222)
Vulnerability from cvelistv5 – Published: 2025-09-11 20:44 – Updated: 2025-09-13 03:55
VLAI?
Summary
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.
Severity ?
8.7 (High)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Fusion |
Affected:
2.2.0 , ≤ 2.10.1
(semver)
cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_fusion:2.10.1:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
Credits
Robert Hotchkiss
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:38.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_fusion:2.10.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.10.1",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:storage_fusion_hci:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_fusion_hci:2.10.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Fusion HCI",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.10.0",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.10.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Fusion HCI for watsonx",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.10.0",
"status": "affected",
"version": "2.8.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Robert Hotchkiss"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."
}
],
"value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T20:44:06.696Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244646"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProducts\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion range \u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion\u003c/td\u003e\u003ctd\u003e2.2.0 - 2.10.1\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion 2.11.0. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242341\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions..\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion HCI\u003c/td\u003e\u003ctd\u003e2.2.0 - 2.10.0\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion HCI 2.11.0. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion HCI for watsonx\u003c/td\u003e\u003ctd\u003e2.8.2 - 2.10.0\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion HCI for watsonx 2.11.0. See \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now.\n\nProductsVersion range Remediation InstructionsIBM Fusion2.2.0 - 2.10.1Upgrade to IBM Fusion 2.11.0. See the README https://www.ibm.com/support/pages/node/7242341 \u00a0for instructions..IBM Fusion HCI2.2.0 - 2.10.0Upgrade to IBM Fusion HCI 2.11.0. See the README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions.IBM Fusion HCI for watsonx2.8.2 - 2.10.0Upgrade to IBM Fusion HCI for watsonx 2.11.0. See README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Fusion insecure default configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36222",
"datePublished": "2025-09-11T20:44:06.696Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-09-13T03:55:38.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22315 (GCVE-0-2024-22315)
Vulnerability from cvelistv5 – Published: 2025-01-28 01:50 – Updated: 2025-01-28 15:16
VLAI?
Summary
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
Severity ?
4 (Medium)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Fusion |
Affected:
2.3.0 , ≤ 2.8.2
(semver)
cpe:2.3:a:ibm:storage_fusion_hci:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_fusion_hci:2.8.2:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:21.791243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:16:13.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_fusion_hci:2.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_fusion_hci:2.8.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion HCI",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion HCI for watsonx",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
}
],
"value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T01:50:54.965Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7179168"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Fusion improper communication restriction",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22315",
"datePublished": "2025-01-28T01:50:54.965Z",
"dateReserved": "2024-01-08T23:41:52.508Z",
"dateUpdated": "2025-01-28T15:16:13.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36222 (GCVE-0-2025-36222)
Vulnerability from nvd – Published: 2025-09-11 20:44 – Updated: 2025-09-13 03:55
VLAI?
Summary
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.
Severity ?
8.7 (High)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Fusion |
Affected:
2.2.0 , ≤ 2.10.1
(semver)
cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_fusion:2.10.1:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
Credits
Robert Hotchkiss
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:38.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_fusion:2.10.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.10.1",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:storage_fusion_hci:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_fusion_hci:2.10.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Fusion HCI",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.10.0",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.10.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Fusion HCI for watsonx",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.10.0",
"status": "affected",
"version": "2.8.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Robert Hotchkiss"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."
}
],
"value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T20:44:06.696Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244646"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProducts\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion range \u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion\u003c/td\u003e\u003ctd\u003e2.2.0 - 2.10.1\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion 2.11.0. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242341\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions..\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion HCI\u003c/td\u003e\u003ctd\u003e2.2.0 - 2.10.0\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion HCI 2.11.0. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion HCI for watsonx\u003c/td\u003e\u003ctd\u003e2.8.2 - 2.10.0\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion HCI for watsonx 2.11.0. See \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now.\n\nProductsVersion range Remediation InstructionsIBM Fusion2.2.0 - 2.10.1Upgrade to IBM Fusion 2.11.0. See the README https://www.ibm.com/support/pages/node/7242341 \u00a0for instructions..IBM Fusion HCI2.2.0 - 2.10.0Upgrade to IBM Fusion HCI 2.11.0. See the README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions.IBM Fusion HCI for watsonx2.8.2 - 2.10.0Upgrade to IBM Fusion HCI for watsonx 2.11.0. See README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Fusion insecure default configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36222",
"datePublished": "2025-09-11T20:44:06.696Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-09-13T03:55:38.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22315 (GCVE-0-2024-22315)
Vulnerability from nvd – Published: 2025-01-28 01:50 – Updated: 2025-01-28 15:16
VLAI?
Summary
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
Severity ?
4 (Medium)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Fusion |
Affected:
2.3.0 , ≤ 2.8.2
(semver)
cpe:2.3:a:ibm:storage_fusion_hci:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_fusion_hci:2.8.2:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:21.791243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:16:13.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_fusion_hci:2.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_fusion_hci:2.8.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion HCI",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion HCI for watsonx",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
}
],
"value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T01:50:54.965Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7179168"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Fusion improper communication restriction",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22315",
"datePublished": "2025-01-28T01:50:54.965Z",
"dateReserved": "2024-01-08T23:41:52.508Z",
"dateUpdated": "2025-01-28T15:16:13.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}