Lucene search
K

61 matches found

NVD
NVD
added 2025/07/07 5:15 p.m.7 views

CVE-2025-1351

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...

7CVSS0.00086EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/07 4:41 p.m.7 views

CVE-2025-1351 IBM Storage Virtualize privilege escalation

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...

6.7CVSS0.00086EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/07/07 4:41 p.m.4 views

CVE-2025-1351

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...

7CVSS5.8AI score0.00086EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/07/07 4:41 p.m.31 views

CVE-2025-1351

IBM Storage Virtualize versions 8.5–8.7 are affected by a race-condition in the login function that could allow a user to escalate privileges to another active session. Remediation from IBM’s security bulletin replaces vulnerable code with fixed versions: 8.5.x: up to 8.5.0.15; 8.5.1.0 and 8.5.2....

7CVSS6.5AI score0.00086EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.4 views

IBM Storage Virtualize 竞争条件问题漏洞

IBM Storage Virtualize is a software-defined storage solution from International Business Machines IBM. A Competitive Condition Issue vulnerability exists in IBM Storage Virtualize versions 8.5, 8.6, and 8.7, which originates from a competitive condition in the login function and could lead to...

7CVSS6.4AI score0.00086EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/07 12:0 a.m.4 views

PT-2025-28213 · Ibm · Ibm Storage Virtualize

Name of the Vulnerable Software and Affected Versions: IBM Storage Virtualize versions 8.5 through 8.7 Description: The issue is related to a race condition in the login function, which could allow a user to escalate their privileges to that of another user logging in at the same time...

7CVSS6.6AI score0.00086EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 1:36 p.m.8 views

Security Bulletin: Vulnerabilities in libssh affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the libssh component affect IBM Storage Virtualize products and could cause denial of service and confidentiality impacts. CVE-2023-1667 CVE-2023-2283. Vulnerability Details CVEID:CVE-2023-1667 DESCRIPTION: A NULL pointer dereference was found In libssh during re-keying...

6.5CVSS7.2AI score0.01314EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/05 6:34 a.m.16 views

Security Bulletin: FreeType versions 2.13.0 and below may lead to remote code execution for IBM Storage Virtualize vSphere Remote Plug-in (CVE-2025-27363)

Summary IBM Storage Virtualize vSphere Remote Plug-in virtual appliance runs an NGINX container built on a Debian-based image that uses a vulnerable version of the FreeType library 2.13.0 or earlier. This version is affected by CVE-2025-27363, a critical vulnerability that may allow remote code...

8.1CVSS8.1AI score0.26049EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/03/21 4:15 p.m.3 views

CVE-2023-43029

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...

6.8CVSS5.8AI score0.00406EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/21 3:33 p.m.7 views

CVE-2023-43029 IBM Storage Virtualize vSphere Remote Plug-in information disclosure

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...

6.8CVSS6.6AI score0.00406EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/21 3:33 p.m.12 views

CVE-2023-43029 IBM Storage Virtualize vSphere Remote Plug-in information disclosure

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...

6.8CVSS0.00406EPSS
Exploits0References1
CVE
CVE
added 2025/03/21 3:33 p.m.55 views

CVE-2023-43029

CVE-2023-43029 affects IBM Storage Virtualize vSphere Remote Plug-in (versions 1.0 and 1.1). Root cause described in IBM security bulletin: credentials used for vSphere admin and registration may be exposed in the plugin support package after deployment, enabling a remote user to obtain sensitive...

7.5CVSS6.1AI score0.00406EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/21 6:43 a.m.14 views

Security Bulletin: After deploying IBM Storage Virtualize vSphere Remote Plug-in, credentials used for vSphere admin and registration with IBM Storage Virtualize products may be exposed in the plugin support package (CVE-2023-43029)

Summary The credentials-encrypted key is not unique across all IBM Storage Virtualize vSphere Remote Plugin virtual machine instances deployed from a Fix Central via OVA. It is possible that the credentials for IBM FlashSystem, IBM SAN Volume Controller, IBM Storwize, vSphere admin, and...

7.5CVSS6AI score0.00406EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/21 12:0 a.m.9 views

PT-2025-12432 · Ibm · Ibm Storage Virtualize Vsphere Remote Plug-In

Name of the Vulnerable Software and Affected Versions: IBM Storage Virtualize vSphere Remote Plug-in versions 1.0 through 1.1 Description: The issue allows a remote user to obtain sensitive credential information after deployment. Recommendations: For versions 1.0 and 1.1, consider restricting...

7.5CVSS7AI score0.00406EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/03/21 12:0 a.m.4 views

IBM Storage Virtualize vSphere Remote Plug-in 安全漏洞

IBM Storage Virtualize vSphere Remote Plug-in is a vSphere remote plug-in for storage virtualization from International Business Machines IBM. It can be used to remotely manage and configure IBM Storage Virtualization resources. A security vulnerability exists in IBM Storage Virtualize vSphere...

7.5CVSS6.2AI score0.00406EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 3:47 p.m.35 views

Security Bulletin: Vulnerabilities in bind and dnsmasq affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in bind and dnsmasq affect IBM Storage Virtualize products and could denial of service. CVE-2022-2795 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 CVE-2023-4408 CVE-2023-5517 CVE-5679 CVE-2023-6516 CVE-2023-50387 CVE-2023-50868 . Vulnerability Details CVEID:CVE-2022-2795...

7.5CVSS8.2AI score0.99995EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 3:42 p.m.12 views

Security Bulletin: Vulnerability in nghttp2 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in nghttp2 affects IBM Storage Virtualize products and could cause denial of service. CVE-2024-28182. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to versio...

5.3CVSS5.5AI score0.8496EPSS
Exploits1Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 3:36 p.m.16 views

Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the Linux kernel affects IBM Storage Virtualize products and could cause side-channel leakage. CVE-2023-6240. Vulnerability Details CVEID:CVE-2023-6240 DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a Marvin...

6.5CVSS6.6AI score0.00969EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/19 10:44 a.m.15 views

Security Bulletin: Vulnerability in python-dns affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in python-dns affects IBM Storage Virtualize products and could cause denial of service. CVE-2023-29483. Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to a denial of service, caused by a flaw in stub resolver when a bad-in-some-way respons...

7CVSS7.1AI score0.01857EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 10:34 p.m.105 views

Security Bulletin: Recommended mitigation for SSH "Terrapin" vulnerability in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary The SSH "Terrapin" vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products when using the [email protected] cipher. This cipher can be disabled with a chsecurity command to fix the vulnerability. Vulnerability Details...

5.9CVSS7AI score0.9378EPSS
Exploits4Affected Software10
Rows per page
Query Builder