HIGH🇬🇧 English

CVE-2025-36118

CVSS 7.5v3.1pub. 2025-11-17upd. 2025-12-08

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • IBM Storage Virtualize

    APP
    Ibm
    8.4.0.08.5.0.08.7.0.09.1.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-0159CRITICAL9.1PL ✓ten sam produkt

IBM FlashSystem: pominięcie uwierzytelnienia w RPCAdapter endpoint

CVE-2025-36120HIGH8.8ten sam produkt

IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges i...

CVE-2025-0160HIGH8.1ten sam produkt

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 t...

CVE-2023-43042HIGH7.5ten sam produkt

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default p...

CVE-2025-1351MEDIUM6.7ten sam produkt

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of a...