HIGH🇵🇱 Wersja polska

CVE-2025-0160

CVSS 8.1v3.1pub. 2025-02-28upd. 2025-08-18

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Storage Virtualize

    APP
    Ibm
    8.5.1.08.5.3.08.5.3.18.5.4.08.6.1.08.6.2.08.6.2.18.6.3.08.7.1.08.7.2.08.7.2.18.7.0.0 – 8.7.0.3 (bez)8.6.0.0 – 8.6.0.6 (bez)8.5.2.0 – 8.5.2.38.5 – 8.5.0.14 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-0159CRITICAL9.1PL ✓ten sam produkt

IBM FlashSystem: pominięcie uwierzytelnienia w RPCAdapter endpoint

CVE-2025-36118HIGH7.5ten sam produkt

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive...

CVE-2025-36120HIGH8.8ten sam produkt

IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges i...

CVE-2023-43042HIGH7.5ten sam produkt

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default p...

CVE-2025-1351MEDIUM6.7ten sam produkt

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of a...