Lucene search
K
IbmStorage Virtualize

8 matches found

CVE
CVE
added 2025/02/28 7:1 p.m.93 views

CVE-2025-0159

IBM FlashSystem/Storage Virtualize RPCAdapter authentication bypass (CVE-2025-0159) affects multiple IBM Storage Virtualize builds (8.5.0.0–8.7.2.1) where a remote attacker can bypass RPCAdapter endpoint authentication by sending a crafted HTTP request. The issue is tied to the RPCAdapter service...

9.1CVSS7AI score0.00796EPSS
CVE
CVE
added 2025/02/28 7:2 p.m.79 views

CVE-2025-0160

CVE-2025-0160 affects IBM FlashSystem and IBM Storage Virtualize products (multiple 8.x releases) where improper restrictions in the RPCAdapter service can allow a remote attacker with system access to execute arbitrary Java code. The description lists affected versions including 8.5.0.0–8.5.0.13...

9.8CVSS7.6AI score0.00488EPSS
CVE
CVE
added 2024/07/08 12:38 a.m.68 views

CVE-2024-39723

CVE-2024-39723 affects IBM FlashSystem 5300 USB ports that may remain usable even when disabled by the administrator. The IBM Security Bulletin (D72039A541262C5C7DD8004D30EA7974A224B2DC3E698501A93E18885B4C3EE4) confirms that a user with physical access can use a USB port to cause loss of access t...

4.6CVSS4.3AI score0.00246EPSS
CVE
CVE
added 2023/12/14 12:46 a.m.60 views

CVE-2023-43042

The CVE-2023-43042 issue affects IBM Storage Virtualize family (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem, IBM Storage Virtualize) with 8.3.x releases where the default privileged-user password can be used. The IBM advisory confirms an unauthenticated check for whether the default ...

7.5CVSS7.3AI score0.00715EPSS
CVE
CVE
added 2024/02/07 4:20 p.m.45 views

CVE-2023-47700

CVE-2023-47700 affects IBM Storage Virtualize family (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem, IBM Storage Virtualize) on version 8.6. The issue = a trust management/GUI certificate validation flaw that could allow a remote attacker to spoof a trusted system, causing a user to co...

7.5CVSS7.1AI score0.00546EPSS
CVE
CVE
added 2025/08/18 1:39 p.m.44 views

CVE-2025-36120

CVE-2025-36120 affects IBM Storage Virtualize 8.4–8.7 and can allow an authenticated user to escalate privileges in an SSH session due to incorrect authorization checks when accessing resources. The IBM Security Bulletin details the vulnerability under CWE-863 (Incorrect Authorization) and lists ...

8.8CVSS6.5AI score0.00276EPSS
CVE
CVE
added 2025/07/07 4:41 p.m.32 views

CVE-2025-1351

IBM Storage Virtualize versions 8.5–8.7 are affected by a race-condition in the login function that could allow a user to escalate privileges to another active session. Remediation from IBM’s security bulletin replaces vulnerable code with fixed versions: 8.5.x: up to 8.5.0.15; 8.5.1.0 and 8.5.2....

7CVSS6.5AI score0.00086EPSS
CVE
CVE
added 2025/11/17 8:47 p.m.17 views

CVE-2025-36118

IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1 are affected by CVE-2025-36118 due to an information disclosure flaw in the IKEv1 Security Association negotiation, allowing remote attackers to read sensitive memory data. The root cause is an IKEv1 implementation issue (heap/memory handling...

7.5CVSS6AI score0.00322EPSS