35 matches found
CVE-2025-36192
IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...
CVE-2025-36192
IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...
CVE-2025-36192
CVE-2025-36192 affects IBM System Storage DS8000 family (DS8A00 with R10.0–R10.1 and DS8900F with R9.4). The root cause is missing authorization in Safeguarded Copy / GDPS logical corruption protection, enabling a local user with authorized CCW update permissions to delete or corrupt backups. IBM...
PT-2025-53585
Name of the Vulnerable Software and Affected Versions IBM DS8A00 versions 10.10.106.0 IBM DS8A00 versions 10.1.3.010.2.45.0 IBM DS8900F versions 89.40.83.089.42.18.089.44.5.0 Description IBM System Storage DS8000 may allow a local user with authorized CCW update permissions to delete or corrupt...
Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2021-44228, CVE-2021-45105, CVE-2021-45046, CVE2021-4104, CVE-2021-38930, and CVE-2021-38929. Vulnerability Details CVEID:CVE-2021-38930 DESCRIPTION: IBM System Storage DS8000 Management Console H...
Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: Spring Framework CVE-2022-22965, OpenSSL vulnerabilities CVE-2022-0778, Apache HTTP Server CVE-2021-26691, CVE-2021-40438, CVE-2021-44790, and CVE-2021-20325. Vulnerability Details CVEID:CVE-2022-0778...
Security Bulletin: DS8000 Hardware Management Console is vulnerable to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary DS8000 Hardware Management Console which consumes Log4j, is subject to CVE-2021-45105 which could cause a denial of service and CVE-2021-45046 which could cause the leak of sensitive information and remote code execution in some environments and local code execution in all environments. I...
Security Bulletin: DS8000 Hardware Management Console uses Apache Log4j which is subject to a vulnerability alert CVE-2021-44228.
Summary The DS8000 Hardware Managment Console leverages Apache Log4j CVE-2021-44228, which is subject to a vulnerability and may allow remote attackers to execute local code on the system. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execu...
Security Bulletin: Vulnerabilities in Bash affect DS8000 HMC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by the DS8000 HMC. Vulnerability Details This update provides details on...
Security Bulletin: Multiple vulnerabilities impact System Storage DS8000 Hardware Management Console (HMC)
Summary Multiple vulnerabilities in the DS8000 Hardware Management Console are covered in this bulletin. These include: - IBM® Runtime Environment Java™ Technology Edition that is used by the DS8000 Hardware Management Console. These issues were disclosed as part of the IBM Java SDK critical patc...
Security Bulletin: Vulnerability in RC4 stream cipher affects DS8000 (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects DS8000 Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...
Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability may affect DS8000
Summary SLOTH - Weak MD5 Signature Hash vulnerability may affect DS8000 CVE-2015-7575 Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange...
Security Bulletin: Vulnerability in IBM Java SDK Runtime affects DS8000 (CVE-2015-0138)
Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects some versions of DS8000. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in SSL/TLS implementations could allow a remote attacker to downgrade the security of certain...
Security Bulletin: Multiple vulnerabilities impact DS8000 HMC
Summary There are multiple vulnerabilities in the DS8000 HMC which are covered in this bulletin. These include: The Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. Multiple vulnerabilities in OpenSSL that were disclosed on October 15, 2014 by the OpenSSL...
Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2016-2107 MITM attack in OpenSSL, CVE-2016-5547 Denial of service in IBM Runtime Environment Java™ CVE-2017-1123 Escalation of privilege in the DS8000 HMC Vulnerability Details CVEID: CVE-2016-210...
Security Bulletin: The LogJam Attack on Diffie-Hellman ciphers (CVE-2015-4000) affects some versions of the DS8000.
Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 affects some versions of the DS8000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT...
Security Bulletin: GNU C library (glibc) vulnerability affects DS8000 (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects DS8000 Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostname argumen...
Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect System Storage DS8000
Summary Multiple vulnerabilities exisit in the IBM JRE used by System Storage DS8000. These were disclosed as part of the IBM Java SDK updates - July 2015 This release also enforces the removal of RC4 in IBM JAVA CVE-2015-2808 also known as BarMitzva to ensure that no present or future releases c...
IBM System Storage DS8000 Hardware Management Console信息泄露漏洞
IBM System Storage DS8000 Hardware Management Console is a hardware management console for the DS8000, an IBM storage media platform from IBM, U.S.A. The IBM System Storage DS8000 Hardware Management Console An information disclosure vulnerability exists, which stems from a network system or...
CVE-2021-38929
IBM System Storage DS8000 Management Console HMC R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330...