CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43029 – IBM Storage Virtualize vSphere Remote Plug-in information disclosure
https://notcve.org/view.php?id=CVE-2023-43029
21 Mar 2025 — IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment. • https://www.ibm.com/support/pages/node/7228722 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2025-0160 – IBM FlashSystem code execution
https://notcve.org/view.php?id=CVE-2025-0160
28 Feb 2025 — IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service. • https://www.ibm.com/support/pages/node/7184182 • CWE-114: Process Control •
CVSS: 9.4EPSS: 0%CPEs: 11EXPL: 0CVE-2025-0159 – IBM FlashSystem authentication bypass
https://notcve.org/view.php?id=CVE-2025-0159
28 Feb 2025 — IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. • https://www.ibm.com/support/pages/node/7184182 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39723 – IBM FlashSystem denial of service
https://notcve.org/view.php?id=CVE-2024-39723
08 Jul 2024 — IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935. Los puertos USB de IBM FlashSystem 5300 se pueden utilizar incluso si el administrador ha desactivado el puerto. Un usuario con acceso físico al sistema podría utilizar el puerto USB para provocar la pérdida de acceso a los datos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 • CWE-287: Improper Authentication CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47700 – IBM Storage Virtualize improper certificate validation
https://notcve.org/view.php?id=CVE-2023-47700
07 Feb 2024 — IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016. Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.6 podrían permitir a un atacante rem... • https://exchange.xforce.ibmcloud.com/vulnerabilities/271016 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43042 – IBM Storage Virtualize information disclosure
https://notcve.org/view.php?id=CVE-2023-43042
14 Dec 2023 — IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874. Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.3 utilizan contraseñas predeterminadas para un usuario privilegiado. ID de IBM X-Force: 266874. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266874 • CWE-1393: Use of Default Password •