Security Bulletin: Vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI and could cause a confidentiality impact. The Command Line Interface is unaffected. CVE-2025-30754. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle...

EUVD-2018-12074

Malware in sbrugna...

EUVD-2018-12354

Malware in sbrugna...

EUVD-2020-26234

Malware in sbrugna...

EUVD-2018-12401

Malware in sbrugna...

EUVD-2025-5928

Malicious code in bioql PyPI...

EUVD-2025-5931

Malicious code in bioql PyPI...

EUVD-2024-38207

Malicious code in bioql PyPI...

Security Bulletin: Vulnerabilities in multiple components affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in netty-handler, python-dns, bind, kernel, openssl, net-snmp and libgcrypt components affect IBM Storage Virtualize products and could cause denial of service and confidentiality impacts. CVE-2024-35857 CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808...

CVE-2024-39723

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935...

Security Bulletin: Vulnerabilities in JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...

Security Bulletin: Vulnerability in remote support authentication affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the challenge / response authentication mechanism used by IBM remote support may allow unauthorized access as credentials can be reused on the product's management GUI. Vulnerability Details CVEID:CVE-2021-38969 DESCRIPTION: IBM Spectrum Virtualize could allow an attack...

IBM FlashSystem Code Execution Vulnerability

IBM FlashSystem is a family of high-performance all-flash and hybrid flash storage solutions from International Business Machines IBM. A code execution vulnerability exists in IBM FlashSystem that stems from improper restriction of the RPCAdapter service and can be exploited by remote attackers t...

Security Bulletin: Vulnerabilities in the GUI affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the GUI affect IBM Storage Virtualize products and could allow authentication bypass and arbitrary code execution. The CLI is unaffected. CVE-2025-0159 CVE-2025-0160. Vulnerability Details CVEID:CVE-2025-0160 DESCRIPTION: IBM FlashSystems could allow a remote attacker...

Vulnerabilities fixed in IBM Storage products

IBM has fixed vulnerabilities in IBM FlashSystem, SAN Volume Controller, Storwize and Storage Virtualize. The vulnerabilities are in the RPCAdapter service of specific versions of IBM FlashSystem. Attackers can bypass RPCAdapter authentication through specially crafted HTTP requests, which can le...

CVE-2025-0159

IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypas...

CVE-2025-0160

IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker with...

CVE-2025-0160

IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker with...

CVE-2025-0159

IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypas...

CVE-2025-0160

IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker with...