8 matches found
CVE-2025-0159
IBM FlashSystem/Storage Virtualize RPCAdapter authentication bypass (CVE-2025-0159) affects multiple IBM Storage Virtualize builds (8.5.0.0–8.7.2.1) where a remote attacker can bypass RPCAdapter endpoint authentication by sending a crafted HTTP request. The issue is tied to the RPCAdapter service...
CVE-2025-0160
CVE-2025-0160 affects IBM FlashSystem and IBM Storage Virtualize products (multiple 8.x releases) where improper restrictions in the RPCAdapter service can allow a remote attacker with system access to execute arbitrary Java code. The description lists affected versions including 8.5.0.0–8.5.0.13...
CVE-2024-39723
CVE-2024-39723 affects IBM FlashSystem 5300 USB ports that may remain usable even when disabled by the administrator. The IBM Security Bulletin (D72039A541262C5C7DD8004D30EA7974A224B2DC3E698501A93E18885B4C3EE4) confirms that a user with physical access can use a USB port to cause loss of access t...
CVE-2023-43042
The CVE-2023-43042 issue affects IBM Storage Virtualize family (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem, IBM Storage Virtualize) with 8.3.x releases where the default privileged-user password can be used. The IBM advisory confirms an unauthenticated check for whether the default ...
CVE-2023-47700
CVE-2023-47700 affects IBM Storage Virtualize family (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem, IBM Storage Virtualize) on version 8.6. The issue = a trust management/GUI certificate validation flaw that could allow a remote attacker to spoof a trusted system, causing a user to co...
CVE-2025-36120
CVE-2025-36120 affects IBM Storage Virtualize 8.4–8.7 and can allow an authenticated user to escalate privileges in an SSH session due to incorrect authorization checks when accessing resources. The IBM Security Bulletin details the vulnerability under CWE-863 (Incorrect Authorization) and lists ...
CVE-2025-1351
IBM Storage Virtualize versions 8.5–8.7 are affected by a race-condition in the login function that could allow a user to escalate privileges to another active session. Remediation from IBM’s security bulletin replaces vulnerable code with fixed versions: 8.5.x: up to 8.5.0.15; 8.5.1.0 and 8.5.2....
CVE-2025-36118
IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1 are affected by CVE-2025-36118 due to an information disclosure flaw in the IKEv1 Security Association negotiation, allowing remote attackers to read sensitive memory data. The root cause is an IKEv1 implementation issue (heap/memory handling...