Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2021-33037...

Security Bulletin: Vulnerability in SSH protocols affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2008-5161)

Summary A vulnerability in the SSH protocol affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Vulnerability Details CVEID: CVE-2008-5161...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2019-2602)

Summary A vulnerability in the IBM® Runtime Environment Java™ Technology Edition affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...

Security Bulletin: Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775)

Summary A vulnerability in the Service Assistant GUI affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Vulnerability Details CVEID:...

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2022-25762 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in...

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could...

Security Bulletin: Vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11776)

Summary A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Apache Struts is used in the Service Assistant GUI...

Security Bulletin: MFA may be bypassed for LDAP users in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary LDAP users which are configured to require Multifactor Authentication MFA can still authenticate to the Common Information Model CIM interface using only username and password, which will allow them to perform a subset of configuration actions described here:...

Security Bulletin: Vulnerability in zlib affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the zlib package used by IBM Spectrum Virtualize may result in a denial of service for the whole application if an attacker is able to inject crafted input. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing an attacker to cause a denial of service. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, cause...

Security Bulletin: A vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allo...

Security Bulletin: Vulnerability in OpenSSL affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in OpenSSL may cause a denial of service when IBM Spectrum Virtualize is acting as a TLS client when connecting to LDAP servers or key servers. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...

Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerabilities are...

Security Bulletin: Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

Summary A vulnerability in the sed command could allow an authenticated attacker to escape from a restricted shell to obtain sensitive information and cause a denial of service. Vulnerability Details CVEID:CVE-2021-29873 DESCRIPTION: IBM Flash System 900 could allow an authenticated attacker to...

Security Bulletin: Vulnerabilities in IBM Java and Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition and Apache Tomcat affect the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2020-2781 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Multiple vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Th...

PT-2023-6701 · Ibm · Ibm Spectrum Virtualize

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Virtualize version 8.5 Description: The issue is related to insufficient protection of service data during the download process from Fix Central, which could lead to the disclosure of sensitive credential information under certai...

CVE-2022-43873

An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847...

CVE-2022-43870

IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540...

CVE-2022-43870

IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540...