Search criteria
24 vulnerabilities found for storage_virtualize by ibm
FKIE_CVE-2025-36118
Vulnerability from fkie_nvd - Published: 2025-11-17 21:15 - Updated: 2025-12-08 15:14
Severity ?
Summary
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7250954 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | 8.4.0.0 | |
| ibm | storage_virtualize | 8.5.0.0 | |
| ibm | storage_virtualize | 8.7.0.0 | |
| ibm | storage_virtualize | 9.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD76474-4EBF-4C69-8303-881628CD0BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B854C19F-9932-4A29-BA06-AD7524276FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07AFA9D0-99F4-4C1C-8719-55C2B2C96AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:9.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2181F15C-0152-40A5-8B45-E417C6D4EFE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request."
}
],
"id": "CVE-2025-36118",
"lastModified": "2025-12-08T15:14:18.287",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-11-17T21:15:57.450",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7250954"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-244"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-36120
Vulnerability from fkie_nvd - Published: 2025-08-18 14:15 - Updated: 2025-08-21 19:25
Severity ?
Summary
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240796 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | 8.4.1.0 | |
| ibm | storage_virtualize | 8.4.2.0 | |
| ibm | storage_virtualize | 8.4.2.1 | |
| ibm | storage_virtualize | 8.4.3.1 | |
| ibm | storage_virtualize | 8.5.1.0 | |
| ibm | storage_virtualize | 8.5.3.0 | |
| ibm | storage_virtualize | 8.5.3.1 | |
| ibm | storage_virtualize | 8.5.4.0 | |
| ibm | storage_virtualize | 8.6.1.0 | |
| ibm | storage_virtualize | 8.6.2.0 | |
| ibm | storage_virtualize | 8.6.2.1 | |
| ibm | storage_virtualize | 8.6.3.0 | |
| ibm | storage_virtualize | 8.7.1.0 | |
| ibm | storage_virtualize | 8.7.2.0 | |
| ibm | storage_virtualize | 8.7.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E519E8-37EF-4D92-A2FD-A3385E2882D2",
"versionEndExcluding": "8.4.0.18",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02B84B12-542E-46ED-B7E8-F3DA33F53C70",
"versionEndExcluding": "8.5.0.16",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFABC40-3A05-4932-BDBE-44F3F764BEA6",
"versionEndIncluding": "8.5.2.3",
"versionStartIncluding": "8.5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D53C46-221F-47D6-A033-EC32F656E31D",
"versionEndExcluding": "8.6.0.9",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83E87C06-1327-4102-A886-81E9F175C5CE",
"versionEndExcluding": "8.7.0.6",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC16EC5-713E-4068-BC15-3B5E9AC2FCB2",
"versionEndExcluding": "8.7.3.3",
"versionStartIncluding": "8.7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B873D7F5-9F19-415B-B59C-7A246190FFD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE68C97F-22BF-40D1-BACA-C22F0BBA9F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "070055AB-6DA7-42FD-A016-973FA1B1A297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F30FFE89-CA70-4D62-9724-9905AD6C715E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1B622C-6334-4AA4-AF60-69AEAADF9E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC7842-7D7D-4D78-B017-C507DFEA11AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3CD809-194E-4413-8F9A-95CB84D32171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C50BA8E4-CB24-4AE3-BAC1-1AF4ED7D8D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7DA013-A9EC-4B48-910A-7FBF732CC911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "018447CD-A245-458F-AF29-9BDD6FBB9D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED71E5AF-8688-4E56-90D8-C7ADE1CE639F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "186BA56B-251C-4B47-8AC4-6D5ADA615F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E12C7956-C1FC-41EA-A3C1-D150A703CE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62C74286-EE16-4DE0-B170-0928639749A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81385378-8E72-4966-9126-05CD1D65F89C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
},
{
"lang": "es",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6 y 8.7 podr\u00edan permitir que un usuario autenticado aumente sus privilegios en una sesi\u00f3n SSH debido a verificaciones de autorizaci\u00f3n incorrectas para acceder a los recursos."
}
],
"id": "CVE-2025-36120",
"lastModified": "2025-08-21T19:25:01.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-08-18T14:15:29.280",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240796"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1351
Vulnerability from fkie_nvd - Published: 2025-07-07 17:15 - Updated: 2025-08-14 00:57
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7237157 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | 8.5 | |
| ibm | storage_virtualize | 8.6 | |
| ibm | storage_virtualize | 8.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BFB3D4-E523-43F7-A809-EDBA520EFF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9974C055-7EE5-42ED-9998-9A8F1ABBE78E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
},
{
"lang": "es",
"value": "Los productos IBM Storage Virtualize 8.5, 8.6 y 8.7 podr\u00edan permitir que un usuario aumente sus privilegios a los de otro usuario que inicie sesi\u00f3n al mismo tiempo debido a una condici\u00f3n de ejecuci\u00f3n en la funci\u00f3n de inicio de sesi\u00f3n."
}
],
"id": "CVE-2025-1351",
"lastModified": "2025-08-14T00:57:24.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-07T17:15:27.693",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7237157"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-0159
Vulnerability from fkie_nvd - Published: 2025-02-28 19:15 - Updated: 2025-08-18 18:22
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7184182 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | 8.5.1.0 | |
| ibm | storage_virtualize | 8.5.3.0 | |
| ibm | storage_virtualize | 8.5.3.1 | |
| ibm | storage_virtualize | 8.5.4.0 | |
| ibm | storage_virtualize | 8.6.1.0 | |
| ibm | storage_virtualize | 8.6.2.0 | |
| ibm | storage_virtualize | 8.6.2.1 | |
| ibm | storage_virtualize | 8.6.3.0 | |
| ibm | storage_virtualize | 8.7.1.0 | |
| ibm | storage_virtualize | 8.7.2.0 | |
| ibm | storage_virtualize | 8.7.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53306313-B866-4EE7-AB3C-FA8E6C020E5E",
"versionEndExcluding": "8.5.0.14",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFABC40-3A05-4932-BDBE-44F3F764BEA6",
"versionEndIncluding": "8.5.2.3",
"versionStartIncluding": "8.5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62C6AC-E55E-4B0E-9E82-B3ACBE5813A4",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0107779-1EF3-4235-AC4A-497873B2FDDF",
"versionEndExcluding": "8.7.0.3",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1B622C-6334-4AA4-AF60-69AEAADF9E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC7842-7D7D-4D78-B017-C507DFEA11AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3CD809-194E-4413-8F9A-95CB84D32171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C50BA8E4-CB24-4AE3-BAC1-1AF4ED7D8D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7DA013-A9EC-4B48-910A-7FBF732CC911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "018447CD-A245-458F-AF29-9BDD6FBB9D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED71E5AF-8688-4E56-90D8-C7ADE1CE639F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "186BA56B-251C-4B47-8AC4-6D5ADA615F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E12C7956-C1FC-41EA-A3C1-D150A703CE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62C74286-EE16-4DE0-B170-0928639749A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81385378-8E72-4966-9126-05CD1D65F89C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
},
{
"lang": "es",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 a 8.5.0.13, 8.5.1.0, 8.5.2.0 a 8.5.2.3, 8.5.3.0 a 8.5.3.1, 8.5.4.0, 8.6.0.0 a 8.6.0.5, 8.6.1.0, 8.6.2.0 a 8.6.2.1, 8.6.3.0, 8.7.0.0 a 8.7.0.2, 8.7.1.0, 8.7.2.0 a 8.7.2.1) podr\u00eda permitir que un atacante remoto omita la autenticaci\u00f3n del endpoint RPCAdapter mediante el env\u00edo de una solicitud HTTP espec\u00edficamente manipulada."
}
],
"id": "CVE-2025-0159",
"lastModified": "2025-08-18T18:22:20.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-28T19:15:36.243",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-0160
Vulnerability from fkie_nvd - Published: 2025-02-28 19:15 - Updated: 2025-08-18 18:21
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7184182 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | * | |
| ibm | storage_virtualize | 8.5.1.0 | |
| ibm | storage_virtualize | 8.5.3.0 | |
| ibm | storage_virtualize | 8.5.3.1 | |
| ibm | storage_virtualize | 8.5.4.0 | |
| ibm | storage_virtualize | 8.6.1.0 | |
| ibm | storage_virtualize | 8.6.2.0 | |
| ibm | storage_virtualize | 8.6.2.1 | |
| ibm | storage_virtualize | 8.6.3.0 | |
| ibm | storage_virtualize | 8.7.1.0 | |
| ibm | storage_virtualize | 8.7.2.0 | |
| ibm | storage_virtualize | 8.7.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53306313-B866-4EE7-AB3C-FA8E6C020E5E",
"versionEndExcluding": "8.5.0.14",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFABC40-3A05-4932-BDBE-44F3F764BEA6",
"versionEndIncluding": "8.5.2.3",
"versionStartIncluding": "8.5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F62C6AC-E55E-4B0E-9E82-B3ACBE5813A4",
"versionEndExcluding": "8.6.0.6",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0107779-1EF3-4235-AC4A-497873B2FDDF",
"versionEndExcluding": "8.7.0.3",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1B622C-6334-4AA4-AF60-69AEAADF9E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEC7842-7D7D-4D78-B017-C507DFEA11AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3CD809-194E-4413-8F9A-95CB84D32171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C50BA8E4-CB24-4AE3-BAC1-1AF4ED7D8D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7DA013-A9EC-4B48-910A-7FBF732CC911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "018447CD-A245-458F-AF29-9BDD6FBB9D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED71E5AF-8688-4E56-90D8-C7ADE1CE639F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "186BA56B-251C-4B47-8AC4-6D5ADA615F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E12C7956-C1FC-41EA-A3C1-D150A703CE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62C74286-EE16-4DE0-B170-0928639749A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81385378-8E72-4966-9126-05CD1D65F89C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
},
{
"lang": "es",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 a 8.5.0.13, 8.5.1.0, 8.5.2.0 a 8.5.2.3, 8.5.3.0 a 8.5.3.1, 8.5.4.0, 8.6.0.0 a 8.6.0.5, 8.6.1.0, 8.6.2.0 a 8.6.2.1, 8.6.3.0, 8.7.0.0 a 8.7.0.2, 8.7.1.0, 8.7.2.0 a 8.7.2.1) podr\u00eda permitir que un atacante remoto con acceso al sistema ejecute c\u00f3digo Java arbitrario debido a restricciones inadecuadas en el servicio RPCAdapter."
}
],
"id": "CVE-2025-0160",
"lastModified": "2025-08-18T18:21:59.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-28T19:15:36.393",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-114"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-39723
Vulnerability from fkie_nvd - Published: 2024-07-08 01:15 - Updated: 2024-11-21 09:28
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7159333 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7159333 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | 8.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
},
{
"lang": "es",
"value": " Los puertos USB de IBM FlashSystem 5300 se pueden utilizar incluso si el administrador ha desactivado el puerto. Un usuario con acceso f\u00edsico al sistema podr\u00eda utilizar el puerto USB para provocar la p\u00e9rdida de acceso a los datos. ID de IBM X-Force: 295935."
}
],
"id": "CVE-2024-39723",
"lastModified": "2024-11-21T09:28:17.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-08T01:15:12.283",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1299"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-47700
Vulnerability from fkie_nvd - Published: 2024-02-07 17:15 - Updated: 2024-11-21 08:30
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/271016 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7114767 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/271016 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7114767 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | 8.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
},
{
"lang": "es",
"value": "Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.6 podr\u00edan permitir a un atacante remoto falsificar un sistema confiable que no ser\u00eda validado correctamente por el servidor Storwize. Esto podr\u00eda llevar a que un usuario se conecte a un host malicioso, creyendo que se trata de un sistema confiable y siendo enga\u00f1ado para que acepte datos falsificados. ID de IBM X-Force: 271016."
}
],
"id": "CVE-2023-47700",
"lastModified": "2024-11-21T08:30:42.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-07T17:15:09.677",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-43042
Vulnerability from fkie_nvd - Published: 2023-12-14 01:15 - Updated: 2024-11-21 08:23
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/266874 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://https://www.ibm.com/support/pages/node/7064976 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/266874 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://https://www.ibm.com/support/pages/node/7064976 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | storage_virtualize | 8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F26F12-57A9-4F27-9CEC-17B73F2D976A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
},
{
"lang": "es",
"value": "Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.3 utilizan contrase\u00f1as predeterminadas para un usuario privilegiado. ID de IBM X-Force: 266874."
}
],
"id": "CVE-2023-43042",
"lastModified": "2024-11-21T08:23:38.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T01:15:07.897",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1393"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
CVE-2025-36118 (GCVE-0-2025-36118)
Vulnerability from cvelistv5 – Published: 2025-11-17 20:47 – Updated: 2025-11-17 20:57
VLAI?
Title
IBM Storage Virtualize Information Disclosure
Summary
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
Severity ?
7.5 (High)
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.4
Affected: 8.5 Affected: 8.7 Affected: 9.1 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:9.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T20:57:15.560154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:57:45.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:9.1:*:*:*:*:*:*:*"
],
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.7"
},
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.\u003c/p\u003e"
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:47:48.824Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250954"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table. Affected Version(s) Fixed Version 8.4.0.0-8.4.0.9 8.4.0.10 8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.0-8.4.3.1 8.5.0.7 8.5.0.0-8.5.0.6 8.5.0.7 8.5.1.0 8.5.2.0, 8.6.0.0 8.7.0.0-8.7.0.7 8.7.0.8 8.7.1.0, 8.7.2.0-8.7.2.1 9.1.0.2 9.1.0.0-9.1.0.1 9.1.0.2, 9.1.1.0 Latest IBM SAN Volume Controller Code Latest IBM Storwize V7000 Code Latest IBM Storwize V5000 and V5100 Code Latest IBM Storwize V5000E Code Latest IBM FlashSystem 9500 Code Latest IBM FlashSystem 9100 Family Code Latest IBM FlashSystem 9200 Code Latest IBM FlashSystem 7300 Code Latest IBM FlashSystem 7200 Code Latest IBM FlashSystem 5000 and 5200 Code Latest IBM FlashSystem 5300 Code Latest IBM Storage Virtualize for Public Cloud\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table. Affected Version(s) Fixed Version 8.4.0.0-8.4.0.9 8.4.0.10 8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.0-8.4.3.1 8.5.0.7 8.5.0.0-8.5.0.6 8.5.0.7 8.5.1.0 8.5.2.0, 8.6.0.0 8.7.0.0-8.7.0.7 8.7.0.8 8.7.1.0, 8.7.2.0-8.7.2.1 9.1.0.2 9.1.0.0-9.1.0.1 9.1.0.2, 9.1.1.0 Latest IBM SAN Volume Controller Code Latest IBM Storwize V7000 Code Latest IBM Storwize V5000 and V5100 Code Latest IBM Storwize V5000E Code Latest IBM FlashSystem 9500 Code Latest IBM FlashSystem 9100 Family Code Latest IBM FlashSystem 9200 Code Latest IBM FlashSystem 7300 Code Latest IBM FlashSystem 7200 Code Latest IBM FlashSystem 5000 and 5200 Code Latest IBM FlashSystem 5300 Code Latest IBM Storage Virtualize for Public Cloud"
}
],
"title": "IBM Storage Virtualize Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36118",
"datePublished": "2025-11-17T20:47:48.824Z",
"dateReserved": "2025-04-15T21:16:17.124Z",
"dateUpdated": "2025-11-17T20:57:45.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36120 (GCVE-0-2025-36120)
Vulnerability from cvelistv5 – Published: 2025-08-18 13:39 – Updated: 2025-08-19 03:55
VLAI?
Title
IBM Storage Virtualize privilege escalation
Summary
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
Severity ?
8.8 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.4
Affected: 8.5 Affected: 8.6 Affected: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T03:55:31.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:39:41.381Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240796"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Version(s)\u003c/td\u003e\u003ctd\u003eFixed Version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.0.0-8.4.0.17\u003c/td\u003e\u003ctd\u003e8.4.0.18\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.1\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.0.0-8.5.0.15\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.0.0-8.6.0.8\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.0.0-8.7.0.5\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.2\u003c/td\u003e\u003ctd\u003e8.7.3.3\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s)Fixed Version8.4.0.0-8.4.0.178.4.0.188.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.18.5.0.168.5.0.0-8.5.0.158.5.0.168.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.08.6.0.98.6.0.0-8.6.0.88.6.0.98.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.08.7.0.68.7.0.0-8.7.0.58.7.0.68.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.28.7.3.3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36120",
"datePublished": "2025-08-18T13:39:41.381Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2025-08-19T03:55:31.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1351 (GCVE-0-2025-1351)
Vulnerability from cvelistv5 – Published: 2025-07-07 16:41 – Updated: 2025-08-24 11:32
VLAI?
Title
IBM Storage Virtualize privilege escalation
Summary
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
Severity ?
6.7 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5
Affected: 8.6 Affected: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T03:55:22.034518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:31.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Storage Virtualize 8.5, 8.6, and 8.7 products \u003c/span\u003ecould allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:32:40.044Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237157"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003cbr\u003e\u003cbr\u003eAffected Version(s) Fixed Version\u003cbr\u003e8.5.0.0-8.5.0.14 8.5.0.15\u003cbr\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\u003cbr\u003e8.6.0.0-8.6.0.7 8.6.0.8\u003cbr\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\u003cbr\u003e8.7.0.0-8.7.0.4 8.7.0.5\u003cbr\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s) Fixed Version\n8.5.0.0-8.5.0.14 8.5.0.15\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\n8.6.0.0-8.6.0.7 8.6.0.8\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\n8.7.0.0-8.7.0.4 8.7.0.5\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1351",
"datePublished": "2025-07-07T16:41:23.342Z",
"dateReserved": "2025-02-15T15:14:08.079Z",
"dateUpdated": "2025-08-24T11:32:40.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0160 (GCVE-0-2025-0160)
Vulnerability from cvelistv5 – Published: 2025-02-28 19:02 – Updated: 2025-02-28 19:50
VLAI?
Title
IBM FlashSystem code execution
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
Severity ?
8.1 (High)
CWE
- CWE-114 - Process Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5.0.0 , ≤ 8.5.0.13
(semver)
Affected: 8.5.1.0 Affected: 8.5.2.0 , ≤ 8.5.2.3 (semver) Affected: 8.5.3.0 , ≤ 8.5.3.1 (semver) Affected: 8.5.4.0 Affected: 8.6.0.0 , ≤ 8.6.0.5 (semver) Affected: 8.6.1.0 Affected: 8.6.2.0 , ≤ 8.6.2.1 (semver) Affected: 8.6.3.0 Affected: 8.7.1.0 Affected: 8.7.2.0 , ≤ 8.7.2.1 (semver) cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:50:26.610723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:50:37.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114 Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:02:50.019Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0160",
"datePublished": "2025-02-28T19:02:50.019Z",
"dateReserved": "2024-12-31T19:09:08.170Z",
"dateUpdated": "2025-02-28T19:50:37.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0159 (GCVE-0-2025-0159)
Vulnerability from cvelistv5 – Published: 2025-02-28 19:01 – Updated: 2025-03-07 04:55
VLAI?
Title
IBM FlashSystem authentication bypass
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
Severity ?
9.1 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5.0.0 , ≤ 8.5.0.13
(semver)
Affected: 8.5.1.0 Affected: 8.5.2.0 , ≤ 8.5.2.3 (semver) Affected: 8.5.3.0 , ≤ 8.5.3.1 (semver) Affected: 8.5.4.0 Affected: 8.6.0.0 , ≤ 8.6.0.5 (semver) Affected: 8.6.1.0 Affected: 8.6.2.0 , ≤ 8.6.2.1 (semver) Affected: 8.6.3.0 Affected: 8.7.1.0 Affected: 8.7.2.0 , ≤ 8.7.2.1 (semver) cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T04:55:48.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:01:26.669Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0159",
"datePublished": "2025-02-28T19:01:26.669Z",
"dateReserved": "2024-12-31T19:09:07.200Z",
"dateUpdated": "2025-03-07T04:55:48.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39723 (GCVE-0-2024-39723)
Vulnerability from cvelistv5 – Published: 2024-07-08 00:38 – Updated: 2024-08-02 04:26
VLAI?
Title
IBM FlashSystem denial of service
Summary
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
Severity ?
4.6 (Medium)
CWE
- CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.6
cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T13:38:32.682285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:38:50.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T00:38:47.786Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39723",
"datePublished": "2024-07-08T00:38:47.786Z",
"dateReserved": "2024-06-28T09:34:20.322Z",
"dateUpdated": "2024-08-02T04:26:16.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47700 (GCVE-0-2023-47700)
Vulnerability from cvelistv5 – Published: 2024-02-07 16:20 – Updated: 2024-08-22 13:57
VLAI?
Title
IBM Storage Virtualize improper certificate validation
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:32:51.935204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:57:17.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T16:20:32.473Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47700",
"datePublished": "2024-02-07T16:20:32.473Z",
"dateReserved": "2023-11-09T11:30:56.581Z",
"dateUpdated": "2024-08-22T13:57:17.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43042 (GCVE-0-2023-43042)
Vulnerability from cvelistv5 – Published: 2023-12-14 00:46 – Updated: 2025-05-22 17:54
VLAI?
Title
IBM Storage Virtualize information disclosure
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
Severity ?
7.5 (High)
CWE
- CWE-1393 - Use of Default Password
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:54:10.875552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:54:36.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T00:46:31.831Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-43042",
"datePublished": "2023-12-14T00:46:31.831Z",
"dateReserved": "2023-09-15T01:12:19.598Z",
"dateUpdated": "2025-05-22T17:54:36.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36118 (GCVE-0-2025-36118)
Vulnerability from nvd – Published: 2025-11-17 20:47 – Updated: 2025-11-17 20:57
VLAI?
Title
IBM Storage Virtualize Information Disclosure
Summary
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
Severity ?
7.5 (High)
CWE
- CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.4
Affected: 8.5 Affected: 8.7 Affected: 9.1 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:9.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T20:57:15.560154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:57:45.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:9.1:*:*:*:*:*:*:*"
],
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.7"
},
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.\u003c/p\u003e"
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T20:47:48.824Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250954"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table. Affected Version(s) Fixed Version 8.4.0.0-8.4.0.9 8.4.0.10 8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.0-8.4.3.1 8.5.0.7 8.5.0.0-8.5.0.6 8.5.0.7 8.5.1.0 8.5.2.0, 8.6.0.0 8.7.0.0-8.7.0.7 8.7.0.8 8.7.1.0, 8.7.2.0-8.7.2.1 9.1.0.2 9.1.0.0-9.1.0.1 9.1.0.2, 9.1.1.0 Latest IBM SAN Volume Controller Code Latest IBM Storwize V7000 Code Latest IBM Storwize V5000 and V5100 Code Latest IBM Storwize V5000E Code Latest IBM FlashSystem 9500 Code Latest IBM FlashSystem 9100 Family Code Latest IBM FlashSystem 9200 Code Latest IBM FlashSystem 7300 Code Latest IBM FlashSystem 7200 Code Latest IBM FlashSystem 5000 and 5200 Code Latest IBM FlashSystem 5300 Code Latest IBM Storage Virtualize for Public Cloud\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table. Affected Version(s) Fixed Version 8.4.0.0-8.4.0.9 8.4.0.10 8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.0-8.4.3.1 8.5.0.7 8.5.0.0-8.5.0.6 8.5.0.7 8.5.1.0 8.5.2.0, 8.6.0.0 8.7.0.0-8.7.0.7 8.7.0.8 8.7.1.0, 8.7.2.0-8.7.2.1 9.1.0.2 9.1.0.0-9.1.0.1 9.1.0.2, 9.1.1.0 Latest IBM SAN Volume Controller Code Latest IBM Storwize V7000 Code Latest IBM Storwize V5000 and V5100 Code Latest IBM Storwize V5000E Code Latest IBM FlashSystem 9500 Code Latest IBM FlashSystem 9100 Family Code Latest IBM FlashSystem 9200 Code Latest IBM FlashSystem 7300 Code Latest IBM FlashSystem 7200 Code Latest IBM FlashSystem 5000 and 5200 Code Latest IBM FlashSystem 5300 Code Latest IBM Storage Virtualize for Public Cloud"
}
],
"title": "IBM Storage Virtualize Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36118",
"datePublished": "2025-11-17T20:47:48.824Z",
"dateReserved": "2025-04-15T21:16:17.124Z",
"dateUpdated": "2025-11-17T20:57:45.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36120 (GCVE-0-2025-36120)
Vulnerability from nvd – Published: 2025-08-18 13:39 – Updated: 2025-08-19 03:55
VLAI?
Title
IBM Storage Virtualize privilege escalation
Summary
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
Severity ?
8.8 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.4
Affected: 8.5 Affected: 8.6 Affected: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T03:55:31.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"value": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:39:41.381Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240796"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Version(s)\u003c/td\u003e\u003ctd\u003eFixed Version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.0.0-8.4.0.17\u003c/td\u003e\u003ctd\u003e8.4.0.18\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.1\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.0.0-8.5.0.15\u003c/td\u003e\u003ctd\u003e8.5.0.16\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.0.0-8.6.0.8\u003c/td\u003e\u003ctd\u003e8.6.0.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.0.0-8.7.0.5\u003c/td\u003e\u003ctd\u003e8.7.0.6\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.2\u003c/td\u003e\u003ctd\u003e8.7.3.3\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s)Fixed Version8.4.0.0-8.4.0.178.4.0.188.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.18.5.0.168.5.0.0-8.5.0.158.5.0.168.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.08.6.0.98.6.0.0-8.6.0.88.6.0.98.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.08.7.0.68.7.0.0-8.7.0.58.7.0.68.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.28.7.3.3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36120",
"datePublished": "2025-08-18T13:39:41.381Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2025-08-19T03:55:31.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1351 (GCVE-0-2025-1351)
Vulnerability from nvd – Published: 2025-07-07 16:41 – Updated: 2025-08-24 11:32
VLAI?
Title
IBM Storage Virtualize privilege escalation
Summary
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
Severity ?
6.7 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5
Affected: 8.6 Affected: 8.7 cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T03:55:22.034518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:30:31.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Storage Virtualize 8.5, 8.6, and 8.7 products \u003c/span\u003ecould allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:32:40.044Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237157"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003cbr\u003e\u003cbr\u003eAffected Version(s) Fixed Version\u003cbr\u003e8.5.0.0-8.5.0.14 8.5.0.15\u003cbr\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\u003cbr\u003e8.6.0.0-8.6.0.7 8.6.0.8\u003cbr\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\u003cbr\u003e8.7.0.0-8.7.0.4 8.7.0.5\u003cbr\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s) Fixed Version\n8.5.0.0-8.5.0.14 8.5.0.15\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\n8.6.0.0-8.6.0.7 8.6.0.8\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\n8.7.0.0-8.7.0.4 8.7.0.5\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1351",
"datePublished": "2025-07-07T16:41:23.342Z",
"dateReserved": "2025-02-15T15:14:08.079Z",
"dateUpdated": "2025-08-24T11:32:40.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0160 (GCVE-0-2025-0160)
Vulnerability from nvd – Published: 2025-02-28 19:02 – Updated: 2025-02-28 19:50
VLAI?
Title
IBM FlashSystem code execution
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
Severity ?
8.1 (High)
CWE
- CWE-114 - Process Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5.0.0 , ≤ 8.5.0.13
(semver)
Affected: 8.5.1.0 Affected: 8.5.2.0 , ≤ 8.5.2.3 (semver) Affected: 8.5.3.0 , ≤ 8.5.3.1 (semver) Affected: 8.5.4.0 Affected: 8.6.0.0 , ≤ 8.6.0.5 (semver) Affected: 8.6.1.0 Affected: 8.6.2.0 , ≤ 8.6.2.1 (semver) Affected: 8.6.3.0 Affected: 8.7.1.0 Affected: 8.7.2.0 , ≤ 8.7.2.1 (semver) cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:50:26.610723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:50:37.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114 Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:02:50.019Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0160",
"datePublished": "2025-02-28T19:02:50.019Z",
"dateReserved": "2024-12-31T19:09:08.170Z",
"dateUpdated": "2025-02-28T19:50:37.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0159 (GCVE-0-2025-0159)
Vulnerability from nvd – Published: 2025-02-28 19:01 – Updated: 2025-03-07 04:55
VLAI?
Title
IBM FlashSystem authentication bypass
Summary
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
Severity ?
9.1 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.5.0.0 , ≤ 8.5.0.13
(semver)
Affected: 8.5.1.0 Affected: 8.5.2.0 , ≤ 8.5.2.3 (semver) Affected: 8.5.3.0 , ≤ 8.5.3.1 (semver) Affected: 8.5.4.0 Affected: 8.6.0.0 , ≤ 8.6.0.5 (semver) Affected: 8.6.1.0 Affected: 8.6.2.0 , ≤ 8.6.2.1 (semver) Affected: 8.6.3.0 Affected: 8.7.1.0 Affected: 8.7.2.0 , ≤ 8.7.2.1 (semver) cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T04:55:48.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.5.0.13",
"status": "affected",
"version": "8.5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.1.0"
},
{
"lessThanOrEqual": "8.5.2.3",
"status": "affected",
"version": "8.5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.3.1",
"status": "affected",
"version": "8.5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.5.4.0"
},
{
"lessThanOrEqual": "8.6.0.5",
"status": "affected",
"version": "8.6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.1.0"
},
{
"lessThanOrEqual": "8.6.2.1",
"status": "affected",
"version": "8.6.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.6.3.0"
},
{
"status": "affected",
"version": "8.7.1.0"
},
{
"lessThanOrEqual": "8.7.2.1",
"status": "affected",
"version": "8.7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:01:26.669Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0159",
"datePublished": "2025-02-28T19:01:26.669Z",
"dateReserved": "2024-12-31T19:09:07.200Z",
"dateUpdated": "2025-03-07T04:55:48.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39723 (GCVE-0-2024-39723)
Vulnerability from nvd – Published: 2024-07-08 00:38 – Updated: 2024-08-02 04:26
VLAI?
Title
IBM FlashSystem denial of service
Summary
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
Severity ?
4.6 (Medium)
CWE
- CWE-1299 - Missing Protection Mechanism for Alternate Hardware Interface
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.6
cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T13:38:32.682285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:38:50.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1299",
"description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T00:38:47.786Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7159333"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM FlashSystem denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39723",
"datePublished": "2024-07-08T00:38:47.786Z",
"dateReserved": "2024-06-28T09:34:20.322Z",
"dateUpdated": "2024-08-02T04:26:16.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47700 (GCVE-0-2023-47700)
Vulnerability from nvd – Published: 2024-02-07 16:20 – Updated: 2024-08-22 13:57
VLAI?
Title
IBM Storage Virtualize improper certificate validation
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
Severity ?
5.9 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:32:51.935204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:57:17.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T16:20:32.473Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114767"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47700",
"datePublished": "2024-02-07T16:20:32.473Z",
"dateReserved": "2023-11-09T11:30:56.581Z",
"dateUpdated": "2024-08-22T13:57:17.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43042 (GCVE-0-2023-43042)
Vulnerability from nvd – Published: 2023-12-14 00:46 – Updated: 2025-05-22 17:54
VLAI?
Title
IBM Storage Virtualize information disclosure
Summary
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
Severity ?
7.5 (High)
CWE
- CWE-1393 - Use of Default Password
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Storage Virtualize |
Affected:
8.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T17:54:10.875552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:54:36.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Virtualize",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T00:46:31.831Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.ibm.com/support/pages/node/7064976"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Virtualize information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-43042",
"datePublished": "2023-12-14T00:46:31.831Z",
"dateReserved": "2023-09-15T01:12:19.598Z",
"dateUpdated": "2025-05-22T17:54:36.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}