61 matches found
CVE-2025-1351
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...
CVE-2025-1351 IBM Storage Virtualize privilege escalation
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...
CVE-2025-1351
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...
CVE-2025-1351
IBM Storage Virtualize versions 8.5–8.7 are affected by a race-condition in the login function that could allow a user to escalate privileges to another active session. Remediation from IBM’s security bulletin replaces vulnerable code with fixed versions: 8.5.x: up to 8.5.0.15; 8.5.1.0 and 8.5.2....
IBM Storage Virtualize 竞争条件问题漏洞
IBM Storage Virtualize is a software-defined storage solution from International Business Machines IBM. A Competitive Condition Issue vulnerability exists in IBM Storage Virtualize versions 8.5, 8.6, and 8.7, which originates from a competitive condition in the login function and could lead to...
PT-2025-28213 · Ibm · Ibm Storage Virtualize
Name of the Vulnerable Software and Affected Versions: IBM Storage Virtualize versions 8.5 through 8.7 Description: The issue is related to a race condition in the login function, which could allow a user to escalate their privileges to that of another user logging in at the same time...
Security Bulletin: Vulnerabilities in libssh affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in the libssh component affect IBM Storage Virtualize products and could cause denial of service and confidentiality impacts. CVE-2023-1667 CVE-2023-2283. Vulnerability Details CVEID:CVE-2023-1667 DESCRIPTION: A NULL pointer dereference was found In libssh during re-keying...
Security Bulletin: FreeType versions 2.13.0 and below may lead to remote code execution for IBM Storage Virtualize vSphere Remote Plug-in (CVE-2025-27363)
Summary IBM Storage Virtualize vSphere Remote Plug-in virtual appliance runs an NGINX container built on a Debian-based image that uses a vulnerable version of the FreeType library 2.13.0 or earlier. This version is affected by CVE-2025-27363, a critical vulnerability that may allow remote code...
CVE-2023-43029
IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...
CVE-2023-43029 IBM Storage Virtualize vSphere Remote Plug-in information disclosure
IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...
CVE-2023-43029 IBM Storage Virtualize vSphere Remote Plug-in information disclosure
IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...
CVE-2023-43029
CVE-2023-43029 affects IBM Storage Virtualize vSphere Remote Plug-in (versions 1.0 and 1.1). Root cause described in IBM security bulletin: credentials used for vSphere admin and registration may be exposed in the plugin support package after deployment, enabling a remote user to obtain sensitive...
Security Bulletin: After deploying IBM Storage Virtualize vSphere Remote Plug-in, credentials used for vSphere admin and registration with IBM Storage Virtualize products may be exposed in the plugin support package (CVE-2023-43029)
Summary The credentials-encrypted key is not unique across all IBM Storage Virtualize vSphere Remote Plugin virtual machine instances deployed from a Fix Central via OVA. It is possible that the credentials for IBM FlashSystem, IBM SAN Volume Controller, IBM Storwize, vSphere admin, and...
PT-2025-12432 · Ibm · Ibm Storage Virtualize Vsphere Remote Plug-In
Name of the Vulnerable Software and Affected Versions: IBM Storage Virtualize vSphere Remote Plug-in versions 1.0 through 1.1 Description: The issue allows a remote user to obtain sensitive credential information after deployment. Recommendations: For versions 1.0 and 1.1, consider restricting...
IBM Storage Virtualize vSphere Remote Plug-in 安全漏洞
IBM Storage Virtualize vSphere Remote Plug-in is a vSphere remote plug-in for storage virtualization from International Business Machines IBM. It can be used to remotely manage and configure IBM Storage Virtualization resources. A security vulnerability exists in IBM Storage Virtualize vSphere...
Security Bulletin: Vulnerabilities in bind and dnsmasq affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in bind and dnsmasq affect IBM Storage Virtualize products and could denial of service. CVE-2022-2795 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 CVE-2023-4408 CVE-2023-5517 CVE-5679 CVE-2023-6516 CVE-2023-50387 CVE-2023-50868 . Vulnerability Details CVEID:CVE-2022-2795...
Security Bulletin: Vulnerability in nghttp2 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in nghttp2 affects IBM Storage Virtualize products and could cause denial of service. CVE-2024-28182. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to versio...
Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the Linux kernel affects IBM Storage Virtualize products and could cause side-channel leakage. CVE-2023-6240. Vulnerability Details CVEID:CVE-2023-6240 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a Marvin...
Security Bulletin: Vulnerability in python-dns affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in python-dns affects IBM Storage Virtualize products and could cause denial of service. CVE-2023-29483. Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to a denial of service, caused by a flaw in stub resolver when a bad-in-some-way respons...
Security Bulletin: Recommended mitigation for SSH "Terrapin" vulnerability in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products
Summary The SSH "Terrapin" vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products when using the [email protected] cipher. This cipher can be disabled with a chsecurity command to fix the vulnerability. Vulnerability Details...