Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could cause denial of service or confidentiality impacts. CVE-2025-38471 CVE-2025-38718 CVE-2025-39682 CVE-2025-38550. Vulnerability Details CVEID:CVE-2025-38550 DESCRIPTION: In the Linux kernel, the following...

CVE-2023-43029

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...

CVE-2025-1351

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...

CVE-2025-36118

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...

CVE-2025-36118

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...

CVE-2025-36118 IBM Storage Virtualize Information Disclosure

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...

CVE-2025-36118

IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1 are affected by CVE-2025-36118 due to an information disclosure flaw in the IKEv1 Security Association negotiation, allowing remote attackers to read sensitive memory data. The root cause is an IKEv1 implementation issue (heap/memory handling...

CVE-2025-36118 IBM Storage Virtualize Information Disclosure

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...

IBM Storage Virtualize 安全漏洞

IBM Storage Virtualize is a software-defined storage solution from International Business Machines IBM. A security vulnerability exists in IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1, which stems from an information disclosure vulnerability in the IKEv1 implementation that could lead t...

PT-2025-47207

Name of the Vulnerable Software and Affected Versions IBM Storage Virtualize versions 8.4 through 9.1 Description The IKEv1 implementation contains a flaw that could allow remote attackers to obtain sensitive information from device memory during a Security Association SA negotiation request...

EUVD-2025-20290

Malicious code in bioql PyPI...

CVE-2025-36120

IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources...

CVE-2025-1351

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...

CVE-2025-1351 IBM Storage Virtualize privilege escalation

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...

CVE-2025-1351

IBM Storage Virtualize versions 8.5–8.7 are affected by a race-condition in the login function that could allow a user to escalate privileges to another active session. Remediation from IBM’s security bulletin replaces vulnerable code with fixed versions: 8.5.x: up to 8.5.0.15; 8.5.1.0 and 8.5.2....

IBM Storage Virtualize 竞争条件问题漏洞

IBM Storage Virtualize is a software-defined storage solution from International Business Machines IBM. A Competitive Condition Issue vulnerability exists in IBM Storage Virtualize versions 8.5, 8.6, and 8.7, which originates from a competitive condition in the login function and could lead to...

PT-2025-28213 · Ibm · Ibm Storage Virtualize

Name of the Vulnerable Software and Affected Versions: IBM Storage Virtualize versions 8.5 through 8.7 Description: The issue is related to a race condition in the login function, which could allow a user to escalate their privileges to that of another user logging in at the same time...

Security Bulletin: Vulnerabilities in libssh affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the libssh component affect IBM Storage Virtualize products and could cause denial of service and confidentiality impacts. CVE-2023-1667 CVE-2023-2283. Vulnerability Details CVEID:CVE-2023-1667 DESCRIPTION: A NULL pointer dereference was found In libssh during re-keying...

Security Bulletin: FreeType versions 2.13.0 and below may lead to remote code execution for IBM Storage Virtualize vSphere Remote Plug-in (CVE-2025-27363)

Summary IBM Storage Virtualize vSphere Remote Plug-in virtual appliance runs an NGINX container built on a Debian-based image that uses a vulnerable version of the FreeType library 2.13.0 or earlier. This version is affected by CVE-2025-27363, a critical vulnerability that may allow remote code...

CVE-2023-43029

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...