CVE-2024-39723

CVE-2024-39723 affects IBM FlashSystem 5300 USB ports that may remain usable even when disabled by the administrator. The IBM Security Bulletin (D72039A541262C5C7DD8004D30EA7974A224B2DC3E698501A93E18885B4C3EE4) confirms that a user with physical access can use a USB port to cause loss of access t...

CVE-2024-39723 IBM FlashSystem denial of service

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935...

IBM FlashSystem 5300 安全漏洞

The IBM FlashSystem 5300 is an IBM storage enterprise system from International Business Machines IBM that stores data on flash memory. The IBM FlashSystem 5300 suffers from an authentication error vulnerability that could be exploited by an attacker to cause loss of access to data using a USB po...

PT-2024-28650 · Ibm · Ibm Flashsystem 5300

Name of the Vulnerable Software and Affected Versions: IBM FlashSystem 5300 affected versions not specified Description: The issue allows a user with physical access to the system to use a disabled USB port, potentially causing loss of access to data. This can occur even if the administrator has...

Security Bulletin: Disabled USB port vulnerability affects IBM FlashSystem 5300

Summary IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. Vulnerability Details CVEID:CVE-2024-39723 DESCRIPTION: IBM FlashSystem 5300 USB ports ma...

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Apache Tomcat is vulnerable to a denial of servic...

Security Bulletin: A vulnerability in Transparent Cloud Tiering affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not...

Security Bulletin: A vulnerability in the GUI affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary The certificate for a remote system in a policy-based replication partnership is not correctly validated in the GUI on IBM Storage Virtualize products. Vulnerability Details CVEID:CVE-2023-47700 DESCRIPTION: IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtuali...

Security Bulletin: Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to...

Security Bulletin: A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Struts affects the product's management GUI. The Command Line Interface is unaffected CVE-2023-50164. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remo...

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products (CVE-2023-45648, CVE-2023-42795, CVE-2023-46589, CVE-2024-21733)

Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing HTTP request smuggling and the obtaining of sensitive information. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to...

Security Bulletin: A vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through...

CVE-2023-47700

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a...

Design/Logic Flaw

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a...

CVE-2023-47700

CVE-2023-47700 affects IBM Storage Virtualize family (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem, IBM Storage Virtualize) on version 8.6. The issue = a trust management/GUI certificate validation flaw that could allow a remote attacker to spoof a trusted system, causing a user to co...

Security Bulletin: An unauthenticated user can determine whether the default superuser password has been changed on IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize products

Summary An unauthenticated user can determine whether the default superuser password has been changed on IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize products. This only affects the 8.3.1 release as it is impossible for the default password to still be...

CVE-2023-43042

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874...

PT-2023-28671 · Ibm · Ibm San Volume Controller +3

Name of the Vulnerable Software and Affected Versions: IBM SAN Volume Controller version 8.3 IBM Storwize version 8.3 IBM FlashSystem version 8.3 IBM Storage Virtualize version 8.3 Description: The issue is related to the use of default passwords for a privileged user in the mentioned products...

Security Bulletin: Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition...

Security Bulletin: A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Struts affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containing non-fi...