CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39723 – IBM FlashSystem denial of service
https://notcve.org/view.php?id=CVE-2024-39723
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935. Los puertos USB de IBM FlashSystem 5300 se pueden utilizar incluso si el administrador ha desactivado el puerto. Un usuario con acceso físico al sistema podría utilizar el puerto USB para provocar la pérdida de acceso a los datos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 https://www.ibm.com/support/pages/node/7159333 • CWE-287: Improper Authentication CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47700 – IBM Storage Virtualize improper certificate validation
https://notcve.org/view.php?id=CVE-2023-47700
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016. Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.6 podrían permitir a un atacante remoto falsificar un sistema confiable que no sería validado correctamente por el servidor Storwize. Esto podría llevar a que un usuario se conecte a un host malicioso, creyendo que se trata de un sistema confiable y siendo engañado para que acepte datos falsificados. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271016 https://www.ibm.com/support/pages/node/7114767 • CWE-295: Improper Certificate Validation •