77 matches found
CVE-2023-50948
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...
EUVD-2023-55677
Malicious code in bioql PyPI...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to uncontrolled recursion in Golang (CVE-2022-30630)
Summary Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30630. Vulnerability Details CVEID:CVE-2022-30630 DESCRIPTION: Golang G...
Security Bulletin: Fusion Data Foundation is vulnerable to CVE-2022-25883 in emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz
Summary emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz is used by Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2022-25883 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to nodejs in the management console (CVE-2021-3807)
Summary Node.js is used by IBM Storage Fusion Data Foundation in the management console and is vulnerable to a denial of service. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2021-3807. Vulnerability Details CVEID:CVE-2021-3807...
Security Bulletin: IBM Storage Fusion Data Foundation is affected DOS caused by specially crafted regex or prototype pollution flaw (CVE-2022-37599, CVE-2022-37603, CVE-2022-37601)
Summary IBM Storage Fusion Data Foundation is used by IBM Storage Fusion Data Foundation. The application server takes input and crafted regex can cause the exploit to Denial of service. CVE-2022-37599, CVE-2022-37603, CVE-2022-37601. Vulnerability Details CVEID:CVE-2022-37599 DESCRIPTION:...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2025-27144 in different components
Summary Go is used by IBM Storage Fusion Data Foundation in csi-dirver, odf-cli-container, ocs-operator-container, msc-operator-container, odf-multicluster-operator-container, rook-ceph-operator and ocs-metrics-exporter-container as part of CVE-2025-27144. This bulletin identifies the steps to ta...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2025-22150 in undici-6.20.1
Summary undici-6.20.1 is used by IBM Storage Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2025-22150 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2025-22150 DESCRIPTION: Undici is an HTTP/1.1...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to a denial of service via Node.js braces module (CVE-2024-4068)
Summary Node.js braces module is used by IBM Storage Fusion Data Foundation as part of CVE-2024-4068 which may lead to denial of service. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2024-4068...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2024-4067 in micromatch-4.0.4
Summary micromatch-4.0.4 is used by IBM Storage Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2024-4067 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2022-46175
Summary JSON5 is used by IBM Storage Fusion Data Foundation in the management-console and could allow a remote authenticated attacker to execute arbitrary code on the system as part of CVE-2022-46175. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Dat...
Security Bulletin: IBM Storage Fusion Data Foundation may be affected by a vulnerability in SSH servers for FTP (CVE-2025-22869)
Summary A vulnerability in SSH server with capability of file transfer protocols can be exploited to cause a denial of service (DoS). The vulnerability may affect product IBM Storage Fusion Data Foundation. CVE-2025-22869. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement...
Security Bulletin: IBM Storage Fusion is affected by exposure of information through cross-site scripting or data queries (CVE-2023-45288, CVE-2023-3978)
Summary IBM Storage Fusion Data Foundation uses HTTP to communicate. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-45288, CVE-2023-3978. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CWE in management-console (CVE-2021-44906)
Summary IBM Storage Fusion Data Foundation is affected in management-console. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2021-44906. Vulnerability Details CVEID:CVE-2021-44906 DESCRIPTION: Node.js Minimist module could allow ...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to minimatch in management-console (CVE-2022-3517)
Summary minimatch package is used by IBM Storage Fusion Data Foundation in management-console. The product may be vulnerable to DOS by calling the braceExpand function with specific arguments. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Incorrect Authorization in Vault (CVE-2023-24999)
Summary Vault is used by IBM Storage Fusion Data Foundation to handle user authentication. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-24999. Vulnerability Details CVEID:CVE-2023-24999 DESCRIPTION: HashiCorp Vault and Vau...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Cross-site Scripting in Vault (CVE-2023-2121)
Summary Vault is used by IBM Storage Fusion Data Foundation in mcg, ocs, odr, cephcsi, multicluster, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-2121. Vulnerability...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to an Observable Timing Discrepancy in Vault (CVE-2023-25000)
Summary Vault is used by IBM Storage Fusion Data Foundation in mcg, ocs, odr, cephcsi, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-25000. Vulnerability Details...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Improper and Incorrect Authorization and SQL Injection in Vault (CVE-2023-0665, CVE-2023-24999, CVE-2023-0620)
Summary Vault is used by IBM Storage Fusion Data Foundation as part of user authentication. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-0665, CVE-2023-24999, CVE-2023-0620. Vulnerability Details CVEID:CVE-2023-0665...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Path Traversal in Moment.js (CVE-2022-24785)
Summary Moment.js is used by IBM Storage Fusion Data Foundation in noobaa-core-container and Ceph as part of Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-24785. Vulnerability Details CVEID:CVE-2022-24785...