HIGH🇬🇧 English

CVE-2025-36120

CVSS 8.8v3.1pub. 2025-08-18upd. 2025-08-21

IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • IBM Storage Virtualize

    APP
    Ibm
    8.4.1.08.4.2.08.4.2.18.4.3.18.5.1.08.5.3.08.5.3.18.5.4.08.6.1.08.6.2.08.6.2.18.6.3.08.7.1.08.7.2.08.7.2.1+ 6 więcej
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-0159CRITICAL9.1PL ✓ten sam produkt

IBM FlashSystem: pominięcie uwierzytelnienia w RPCAdapter endpoint

CVE-2025-36118HIGH7.5ten sam produkt

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive...

CVE-2025-0160HIGH8.1ten sam produkt

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 t...

CVE-2023-43042HIGH7.5ten sam produkt

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default p...

CVE-2025-1351MEDIUM6.7ten sam produkt

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of a...