Lucene search
K

61 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/09/24 9:4 a.m.47 views

Security Bulletin: A vulnerability in glibc affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in glibc affects IBM Storage Virtualize products and could cause impacts to integrity, confidentiality and availability. CVE-2024-2961. Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the syste...

7.3CVSS8.4AI score0.8833EPSS
Exploits16Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/24 8:58 a.m.29 views

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could cause various impacts. CVE-2023-1073 CVE-2023-45871 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-1206 CVE-2023-5178. Vulnerability Details CVEID:CVE-2023-1073 DESCRIPTION: Linux Kernel could allow a...

8.8CVSS8.8AI score0.09141EPSS
Exploits2Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/24 8:56 a.m.37 views

Security Bulletin: Vulnerabilitiy in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-21131. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component...

3.7CVSS5.5AI score0.00953EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/02 10:30 a.m.26 views

Security Bulletin: Disabled USB port vulnerability affects IBM FlashSystem 5300

Summary IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. Vulnerability Details CVEID:CVE-2024-39723 DESCRIPTION: IBM FlashSystem 5300 USB ports ma...

4.6CVSS4.5AI score0.00246EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 6:15 a.m.37 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the Python Cryptographic Authority package

Summary The Python cryptography package which provides both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions, is used by IBM Ansible plug-in. This library is vulnerable to CVE-2024-26130...

7.5CVSS7.2AI score0.00831EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 3:6 a.m.21 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package

Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 41.0.7 of cryptography package is vulnerable to CVE-2023-50782. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic Authority cryptography could...

7.5CVSS7.2AI score0.01118EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 5:53 p.m.62 views

Security Bulletin: Vulnerabilities in Linux components affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in libssh, nginx and nghttp2 affect IBM Storage Virtualize products and could cause denial of service and bypassing of authentication. CVE-2023-44487, CVE-2023-1667, CVE-2023-2283. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a...

7.5CVSS8.3AI score0.99999EPSS
Exploits21Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 3:29 p.m.42 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Apache Tomcat is vulnerable to a denial of servic...

7.5CVSS7.4AI score0.23072EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 10:34 a.m.36 views

Security Bulletin: Vulnerabilities in Transparent Cloud Tiering affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in netty-codec-http2 and commons-compress affect the Transparent Cloud Tiering function in IBM Storage Virtualize products. CVE-2023-44487, CVE-2024-25710, CVE-2024-26308. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the...

8.1CVSS8AI score0.99999EPSS
Exploits19Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/06 12:29 p.m.23 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package

Summary Storage Virtualize Ansible Collection uses the third-party library paramiko to implement SSH for authentication to target systems. Version 3.3.1 of paramiko is vulnerable to CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a...

5.9CVSS6.5AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/01 10:52 a.m.78 views

Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary The certificate for a remote system in a policy-based replication partnership is not correctly validated in the GUI on IBM Storage Virtualize products. Vulnerability Details CVEID:CVE-2023-47700 DESCRIPTION: IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtuali...

7.5CVSS6.7AI score0.00546EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/01 10:50 a.m.16 views

Security Bulletin: Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to...

5.9CVSS6AI score0.014EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 4:46 p.m.80 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products (CVE-2023-45648, CVE-2023-42795, CVE-2023-46589, CVE-2024-21733)

Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing HTTP request smuggling and the obtaining of sensitive information. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to...

7.5CVSS7.3AI score0.14286EPSS
Exploits5Affected Software10
Prion
Prion
added 2024/02/07 5:15 p.m.19 views

Design/Logic Flaw

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a...

5CVSS6.6AI score0.00546EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/07 4:20 p.m.16 views

CVE-2023-47700 IBM Storage Virtualize improper certificate validation

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a...

5.9CVSS7.2AI score0.00546EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/07 4:20 p.m.13 views

CVE-2023-47700 IBM Storage Virtualize improper certificate validation

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a...

5.9CVSS6.4AI score0.00546EPSS
Exploits0References2
CVE
CVE
added 2024/02/07 4:20 p.m.45 views

CVE-2023-47700

CVE-2023-47700 affects IBM Storage Virtualize family (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem, IBM Storage Virtualize) on version 8.6. The issue = a trust management/GUI certificate validation flaw that could allow a remote attacker to spoof a trusted system, causing a user to co...

7.5CVSS7.1AI score0.00546EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 8:59 p.m.39 views

Security Bulletin: An unauthenticated user can determine whether the default superuser password has been changed on IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize products

Summary An unauthenticated user can determine whether the default superuser password has been changed on IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize products. This only affects the 8.3.1 release as it is impossible for the default password to still be...

7.5CVSS7.6AI score0.00715EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/12/14 1:15 a.m.13 views

CVE-2023-43042

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874...

7.5CVSS0.00715EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/14 12:46 a.m.16 views

CVE-2023-43042 IBM Storage Virtualize information disclosure

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874...

7.5CVSS7.3AI score0.00715EPSS
Exploits0References2
Rows per page
Query Builder