Security Bulletin: Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to...

Security Bulletin: Network Security (NSS) vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Network Security NSS affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerability is...

Security Bulletin: Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

Summary A vulnerability in the sed command could allow an authenticated attacker to escape from a restricted shell to obtain sensitive information and cause a denial of service. Vulnerability Details CVEID:CVE-2021-29873 DESCRIPTION: IBM Flash System 900 could allow an authenticated attacker to...

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

Summary Multiple vulnerabilities in the Linux kernel could allow an authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2020-10732 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the...

Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5638)

Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products allowing arbitrary code execution. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION:...

Security Bulletin: Multiple vulnerabilities in IPv6 and MQ affect IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products

Summary Vulnerabilities in the IPv6 and MQ components affect IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products. Applicable CVEs are CVE-2016-10142 and CVE-2017-11176. Vulnerability Details CVEID: CVE-2016-10142 DESCRIPTION: The IETF IPv6 protocol is vulnerable to a denial of...

Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391)

Summary A vulnerability in the Linux Kernel affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Vulnerability Details CVEID: CVE-2018-5391...

Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-3092)

Summary A vulnerability in the Apache Tomcat component affects the product's management GUI. The CLI interface is unaffected. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. ...

Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-3759)

Summary There is a vulnerability in the Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Vulnerability Details CVEID:CVE-2021-3759 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory overflow in the ipc function in the memcg...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System (CVE-2022-34165)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage System, which could allow a remote attacker to cause cache poisoning and cross-site scripting. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8....

Security Bulletin: Vulnerability in PostgreSQL may affect IBM Elastic Storage System

Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which may affect IBM Elastic Storage System. Vulnerability Details CVEID:CVE-2022-1552 DESCRIPTION: PostgreSQL remote authenticated attacker to bypass security restrictions, caused by an issue with not...

Security Bulletin: Multiple vulnerabilities in IBM JAVA JDK affects IBM Spectrum Scale packaged in IBM Elastic Storage System.

Summary Multiple vulnerabilities in IBM Java JDK, used by IBM Elastic Storage System GUI, which could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact and no availability impact. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified...

Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2020-27618)

Summary IBM Elastic Storage System is shipped with GNU glibc, for which a fix is available for a security vulnerability. Vulnerability Details CVEID: CVE-2020-27618 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a denial of service, caused by an error when processing some invalid...

Security Bulletin: A vulnerability in IBM Java SE affects IBM Elastic Storage System

Summary There is a vulnerability in IBM SDK Java Technology Edition, used by IBM Elastic Storage System. This issue was disclosed as part of the IBM Java SDK updates in Oct 2020. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2020-1752)

Summary IBM Elastic Storage System is shipped with GNU glibc, for which a fix is available for a security vulnerability. Vulnerability Details CVEID: CVE-2020-1752 DESCRIPTION: GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free. By creating ...

Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964)

Summary There are two vulnerabilities in Java to which IBM FlashSystem™ 900 is susceptible CVE-2019-2989 and CVE-2019-2964. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact,...