FlashSystem
by IBM
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0160 | 0.00 | — | 0.00 | Feb 28, 2025 | IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a… | |||
| CVE-2025-0159 | 0.00 | — | 0.00 | Feb 28, 2025 | IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a… | |||
| CVE-2024-39723 | 0.00 | — | 0.00 | Jul 8, 2024 | IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935. | |||
| CVE-2023-43042 | 0.00 | — | 0.00 | Dec 14, 2023 | IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874. | |||
| CVE-2021-29873 | 0.00 | — | 0.00 | Oct 21, 2021 | IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. | |||
| CVE-2020-4987 | 0.00 | — | 0.00 | May 4, 2021 | The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… | |||
| CVE-2018-1822 | 0.00 | — | 0.00 | Oct 18, 2018 | IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM… | |||
| CVE-2018-1495 | 0.00 | — | 0.00 | May 29, 2018 | IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. | |||
| CVE-2018-1461 | 0.00 | — | 0.00 | May 17, 2018 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed… | |||
| CVE-2018-1466 | 0.00 | — | 0.00 | May 17, 2018 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to… |
- CVE-2025-0160Feb 28, 2025risk 0.00cvss —epss 0.00
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a…
- CVE-2025-0159Feb 28, 2025risk 0.00cvss —epss 0.00
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a…
- CVE-2024-39723Jul 8, 2024risk 0.00cvss —epss 0.00
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
- CVE-2023-43042Dec 14, 2023risk 0.00cvss —epss 0.00
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
- CVE-2021-29873Oct 21, 2021risk 0.00cvss —epss 0.00
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
- CVE-2020-4987May 4, 2021risk 0.00cvss —epss 0.00
The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…
- CVE-2018-1822Oct 18, 2018risk 0.00cvss —epss 0.00
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM…
- CVE-2018-1495May 29, 2018risk 0.00cvss —epss 0.00
IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148.
- CVE-2018-1461May 17, 2018risk 0.00cvss —epss 0.00
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed…
- CVE-2018-1466May 17, 2018risk 0.00cvss —epss 0.00
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) use weaker than expected cryptographic algorithms that could allow an attacker to…