Security Bulletin: IBM Extended Command-Line Interface (XCLI) Utility is affected by a vulnerability in Apache Log4j (CVE-2021-4104)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Extended Command-Line Interface XCLI Utility for IBM FlashSystem A9000/A9000R, IBM XIV Storage System models 114/214/314, and IBM Spectrum Accelerate. This vulnerability has been addressed. Vulnerability...

Security Bulletin: A vulnerability exists in the restricted shell of the IBM FlashSystem 900

Summary A vulnerability exists in the IBM FlashSystem 900 restricted shell CVE-2021-29873. An exploit of this vulnerability could allow an authenticated attacker to access sensitive information or cause a denial of service. Vulnerability Details CVEID: CVE-2021-29873 DESCRIPTION: IBM Flash System...

Security Bulletin: A vulnerability exists in the management GUI of the IBM FlashSystem 900

Summary A vulnerability CVE-2020-4987 affects the IBM FlashSystem model 900 management GUI. Vulnerability Details CVEID: CVE-2020-4987 DESCRIPTION: IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...

IBM FlashSystem 900 Cross-Site Scripting Vulnerability

IBM FlashSystem 900 is a software application from IBM, USA. Provides a subtle delay. A cross-site scripting vulnerability exists in IBM FlashSystem 900 versions 1.5.2.9 and 1.6.1.3 that allows an attacker to alter the intended functionality by embedding arbitrary JavaScript code in the Web UI,...

CVE-2020-4987

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2020-4987

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

Cross site scripting

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2020-4987

CVE-2020-4987 affects IBM FlashSystem 900 user management GUI. Stored XSS in the web UI allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected code is VRMF 1.5.2.8 and prior and 1.6.1.2 and prior; fixes are available: 1.6.1.3 (1.6 s...

CVE-2020-4987

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

IBM FlashSystem 900 跨站脚本漏洞

IBM FlashSystem 900 is a software application from IBM, USA. Provides a subtle delay. A cross-site scripting vulnerability exists in IBM FlashSystem 900 versions 1.5.2.9 and 1.6.1.3 that allows an attacker to alter the intended functionality by embedding arbitrary JavaScript code in the Web UI,...

CVE-2020-4987

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

Security Bulletin: A vulnerability in Java affects the IBM FlashSystem models 840 and 900

Summary A vulnerability in Java CVE-2020-2781 affects IBM Flashsystem 840 and 900. Vulnerability Details CVEID: CVE-2020-2781 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting i...

Security Bulletin: Vulnerabilities in Java SE affect the IBM FlashSystem models 840 and 900

Summary Multiple vulnerabilities in Java SE CVE-2020-14579, CVE-2020-14578, and CVE-2020-14577 affect the IBM FlashSystem models 840 and 900. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...

Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem models 840 and 900

Summary A vulnerability in Apache Tomcat CVE-2020-13935 affects the IBM FlashSystem models 840 and 900. Vulnerability Details CVEID: CVE-2020-13935 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending...

Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem 900 (CVE-2019-2989 and CVE-2019-2964)

Summary There are two vulnerabilities in Java to which IBM FlashSystem™ 900 is susceptible CVE-2019-2989 and CVE-2019-2964. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact,...

Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000

Summary There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479. An exploit of these vulnerabilities could allow a remote attacker to cause a denial of service condition. Vulnerabilit...

Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000

Summary There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible CVE-2017-18017 and CVE-2017-17449. An exploit of CVE-2017-18017 could allow a remote attacker to cause a denial of service condition. An exploit of CVE-2017-17449 could...

Security Bulletin: A Vulnerability in Java affects the IBM FlashSystem models V840 and V9000

Summary There is a vulnerability in Java to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible CVE-2019-2602. An exploit of CVE-2019-2602 could make the system susceptible to a denial of service attack. Vulnerability Details CVEID: CVE-2019-2602 DESCRIPTION: An unspecified...

Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem V840 and V9000

Summary A vulnerability exists in Apache Tomcat to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible CVE-2018-11784. An exploit of this vulnerability could allow a remote attacker to redirect a user to arbitrary websites. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION...

Security Bulletin: Multiple Vulnerabilities in Java affect the IBM FlashSystem models V840 and V9000

Summary There are vulnerabilities in Java to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible CVE-2018-2783, CVE-2018-1517, CVE-2018-12539, CVE-2018-3180, and CVE-2018-12547. An exploit of CVE-2018-12547 could make the system susceptible to a buffer overflow which could allow...