CVE-2025-0159

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
References
Link Resource
https://www.ibm.com/support/pages/node/7184182 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*

History

18 Aug 2025, 18:22

Type Values Removed Values Added
First Time Ibm storage Virtualize
Ibm
CPE cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*
Summary
  • (es) IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 a 8.5.0.13, 8.5.1.0, 8.5.2.0 a 8.5.2.3, 8.5.3.0 a 8.5.3.1, 8.5.4.0, 8.6.0.0 a 8.6.0.5, 8.6.1.0, 8.6.2.0 a 8.6.2.1, 8.6.3.0, 8.7.0.0 a 8.7.0.2, 8.7.1.0, 8.7.2.0 a 8.7.2.1) podría permitir que un atacante remoto omita la autenticación del endpoint RPCAdapter mediante el envío de una solicitud HTTP específicamente manipulada.
References () https://www.ibm.com/support/pages/node/7184182 - () https://www.ibm.com/support/pages/node/7184182 - Vendor Advisory
CWE CWE-306

28 Feb 2025, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-28 19:15

Updated : 2025-08-18 18:22


NVD link : CVE-2025-0159

Mitre link : CVE-2025-0159

CVE.ORG link : CVE-2025-0159


JSON object : View

Products Affected

ibm

  • storage_virtualize
CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-306

Missing Authentication for Critical Function