28 matches found
EUVD-2023-55677
Malicious code in bioql PyPI...
IBM Storage Fusion HCI (hyperconverged infrastructure) is vulnerable to information disclosure: insufficient restrictions on the communication channel for specific endpoints could allow an attacker to gain unauthorized access to protected information.
IBM Storage Fusion HCI (hyperconverged infrastructure) does not adequately restrict the communication channel for specified endpoints. Exploiting this weakness could allow an attacker to gain unauthorized access to protected information...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to arbitrary code execution due to Node.js IP package.
Summary The Node.js ip package is used by IBM Storage Fusion HCI as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details CVEID: CVE-2023-42282 DESCRIPTION: The Node.js ip package could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, authentication bypass, and incorrect privilege assignment due to Golang vulnerabilities.
Summary IBM Storage Fusion HCI uses Golang packages that may make Fusion vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to directory traversal due to Beego.
Summary Beego is used by IBM Storage Fusion HCI as part of the user interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details CVEID:CVE-2022-31836 DESCRIPTION: Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in th...
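The Beego bulletin above gives only the symptom (directory traversal). The added example below, which is not IBM's or Beego's code and does not reproduce the specific Beego flaw, shows the general shape of the bug beside its hardened form: a static-file handler that joins the request path to its document root without normalising or containing it, next to one that percent-decodes exactly once, collapses `..`, and refuses anything that resolves outside the root. The base directory, the sample request paths and the function names are constructed for the illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed base directory for the illustration; any absolute POSIX path works.
BASE_DIR = "/srv/ui/static"


def naive_join(base_dir: str, requested: str) -> str:
    """The pattern a traversal bug relies on: the request path is joined to the
    static root without normalising it or checking the result. posixpath.join
    discards base_dir entirely when `requested` is absolute, and '..' segments
    are kept verbatim for the filesystem to resolve."""
    return posixpath.join(base_dir, requested)


def resolve_static_path(base_dir: str, requested: str):
    """Hardened form. Returns the resolved absolute path under base_dir, or None
    when the request would escape it. Percent-decoding happens exactly once and
    before any check, so '%2e%2e' is caught while a double-encoded '%252e%252e'
    decodes to a literal '%2e%2e' directory name that stays inside base_dir."""
    decoded = unquote(requested)
    if "\x00" in decoded:               # NUL truncates paths in C-level APIs
        return None
    if "\\" in decoded:                 # POSIX-only handler; treat backslash as hostile
        return None
    base = posixpath.normpath(base_dir)
    rel = decoded.lstrip("/")           # absolute requests are treated as relative to base
    candidate = posixpath.normpath(posixpath.join(base, rel))
    # Containment check on the *normalised* path: '..' has already been collapsed.
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


# Constructed request paths covering the usual traversal payloads.
SAMPLE_REQUESTS = [
    "css/app.css",
    "css/../app.css",
    "../../../etc/passwd",
    "/etc/passwd",
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e/etc/passwd",
    "logo\x00.png",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:40} naive={naive_join(BASE_DIR, req)!r:45} "
              f"hardened={resolve_static_path(BASE_DIR, req)!r}")
```

The check deliberately works on the normalised string rather than on `startswith(base_dir)` applied to the raw join, because `/srv/ui/static/../secrets` starts with the root and still escapes it. On a real filesystem, resolve symlinks (`os.path.realpath`) before the containment test as well; that step is left out here so the example runs without touching disk.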
Security Bulletin: IBM Storage Fusion HCI is vulnerable to HTTP request smuggling and denial of service due to aiohttp and cryptography.
Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-23829, CVE-2024-23334, CVE-2024-1135, CVE-2024-26130. Vulnerability Details CVEID:CVE-2024-23829 DESCRIPTION: aio-libs...
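Request smuggling, as in the aiohttp bulletin above, comes down to two parsers in the same request path disagreeing about where one request ends and the next begins. The added example below is not aiohttp's, Gunicorn's or IBM's code and does not reproduce the specific CVE; it is a generic strict framing check that rejects the ambiguous shapes (Content-Length together with Transfer-Encoding, conflicting or non-numeric lengths, obfuscated Transfer-Encoding values, whitespace before the colon, bare CR or LF) instead of guessing. The sample requests and the function name are constructed for the illustration.

```python
import re

# RFC 9110 tchar: the only bytes allowed in a header field name.
_TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_DIGITS = re.compile(rb"[0-9]+")


def check_request_framing(raw: bytes):
    """Strict framing check for one HTTP/1.1 request head.

    Returns (True, "ok") or (False, reason). Every rejection below is a case
    where a lenient parser and a strict one could disagree about where the
    request ends, which is exactly the disagreement request smuggling exploits."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "header block not terminated by CRLFCRLF"
    lines = head.split(b"\r\n")
    if not lines[0]:
        return False, "missing request line"
    for line in lines:
        # After splitting on CRLF, any leftover CR or LF is a bare line ending.
        if b"\r" in line or b"\n" in line:
            return False, "bare CR or LF in header block"
    content_lengths = []
    transfer_encodings = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return False, "header line without ':'"
        # Rejects 'Transfer-Encoding : chunked', obs-fold continuation lines
        # (leading SP/HT) and non-ASCII names in one go.
        if not _TOKEN.fullmatch(name):
            return False, "invalid header field name %r" % name
        value = value.strip(b" \t")     # only SP and HTAB are optional whitespace
        lname = name.lower()
        if lname == b"content-length":
            content_lengths.append(value)
        elif lname == b"transfer-encoding":
            transfer_encodings.append(value)
    if content_lengths and transfer_encodings:
        return False, "both Content-Length and Transfer-Encoding present"
    if len(set(content_lengths)) > 1:
        return False, "conflicting Content-Length values"
    for cl in content_lengths:
        if not _DIGITS.fullmatch(cl):
            return False, "non-numeric Content-Length %r" % cl
    for te in transfer_encodings:
        # Exact, case-insensitive 'chunked' only: 'xchunked', 'chunked\x0b'
        # and 'identity, chunked' tricks are all refused rather than guessed at.
        if te.lower() != b"chunked":
            return False, "unsupported Transfer-Encoding %r" % te
    return True, "ok"


# Constructed requests: one clean, the rest classic smuggling shapes.
SAMPLES = {
    "clean": b"POST /api HTTP/1.1\r\nHost: fusion.example\r\nContent-Length: 5\r\n\r\nhello",
    "cl_te": b"POST /api HTTP/1.1\r\nHost: fusion.example\r\nContent-Length: 4\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "space_before_colon": b"POST /api HTTP/1.1\r\nHost: fusion.example\r\n"
                          b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n",
    "bare_lf": b"POST /api HTTP/1.1\r\nHost: fusion.example\nContent-Length: 5\r\n\r\nhello",
    "dup_cl": b"POST /api HTTP/1.1\r\nHost: fusion.example\r\nContent-Length: 5\r\n"
              b"Content-Length: 6\r\n\r\nhello",
    "te_obfuscated": b"POST /api HTTP/1.1\r\nHost: fusion.example\r\n"
                     b"Transfer-Encoding: chunked\x0b\r\n\r\n0\r\n\r\n",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        ok, reason = check_request_framing(req)
        print(f"{label:20} {'accept' if ok else 'reject'}: {reason}")
```

The useful property is that the check never tries to pick a winner between the two framing headers: a front-end proxy and a back-end application that both reject the request cannot be desynchronised by it. Run the same samples through whichever HTTP stack sits in front of the service to see which of these shapes it silently accepts.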
Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service due to Apache Commons Compress and ion-java.
Summary commons-compress and ion-java are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID: CVE-2024-26308 DESCRIPTION: Apache Commons Compress is...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to phishing attacks and cross-site request forgery due to follow-redirects and Axios.
Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, cross-site scripting, and obtaining sensitive information due to PyPA, Pallets Jinja, requests, and urllib3.
Summary The Python packages PyPA, Pallets Jinja, requests, and urllib3 are used by IBM Storage Fusion HCI as part of the installer and may be vulnerable to the CVEs listed below. CVE-2022-40897, CVE-2024-22195, CVE-2023-32681, CVE-2023-43804. Vulnerability Details CVEID: CVE-2022-40897 DESCRIPTION: PyP...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to elevated privileges due to OpenShift.
Summary OpenShift included with IBM Storage Fusion HCI is affected by the CVE listed below. CVE-2023-5408. Vulnerability Details CVEID:CVE-2023-5408 DESCRIPTION: OpenShift Kubernetes could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the node...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to unauthorized access due to a flaw in Ceph RGW.
Summary Ceph is used by IBM Storage Fusion HCI if IBM Storage Fusion HCI is configured with the Data Foundation service. CVE-2023-43040. Vulnerability Details CVEID:CVE-2023-43040 DESCRIPTION: IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized actions in RGW for Ceph due to...
CVE-2023-50948
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...
Hardcoded credentials
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...
CVE-2023-50948 IBM Storage Fusion HCI information disclosure
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...
CVE-2023-50948
IBM Storage Fusion HCI 2.1.0–2.6.1 contains hard-coded credentials used for its own inbound authentication, outbound communication to external components, or encryption of internal data. Root cause is hard-coded credentials in versions 2.1.0–2.6.1. Impact as described: potential exposure of confi...
Security Bulletin: IBM Storage Fusion HCI uses hard-coded credentials for its own authentication with Active File Management (CVE-2023-50948)
Summary IBM Storage Fusion HCI uses default credentials for Active File Management (AFM) authentication. Vulnerability Details CVEID: CVE-2023-50948 DESCRIPTION: IBM Storage Fusion HCI contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound...
Security Bulletin: IBM Storage Fusion HCI could be vulnerable to code injection via use of quartz/quartz-jobs [CVE-2023-39017]
Summary The Java library quartz/quartz-jobs is used by IBM Storage Fusion HCI for backup scheduling. A vulnerability in this library includes code injection that could lead to execution of arbitrary code as described in the CVE listed in the 'Vulnerabilities Details' section. This bulletin...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to denial of service due to Pallets Werkzeug (CVE-2023-46136)
Summary The Python library Pallets Werkzeug is used by IBM Storage Fusion HCI's backup and restore function for WSGI utilities. A vulnerability in this library could lead to denial of service as described in the CVE listed in the "Vulnerability Details" section. Vulnerability Details...