Restricted Shell Escape Vulnerability in IBM Flash System 900
CVE-2021-29873

8.8HIGH

Key Information:

Vendor
IBM
Status
Flashsystem 900
Flashsystem V9000
Storwize V3500
Storwize V5000
Vendor
CVE Published:
21 October 2021

Summary

IBM Flash System 900 contains a restricted shell escape vulnerability that could allow an authenticated attacker to access sensitive information and potentially cause a denial of service. This issue raises significant concerns about data security and system reliability for users of the product. The flaw may permit unauthorized access through the restricted shell, enabling attackers to exploit the system and disrupt operations.

Affected Version(s)

FlashSystem 900 1.6.1.4

FlashSystem 900 1.5.2.10

FlashSystem 9100 Family 8.4

References

https://www.ibm.com/support/pages/node/6497111
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6507091
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/206229
vdb-entryx_refsource_XF

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.