IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:N/A:P
Vendors Products
Ibm
  • Flashsystem 9100
  • Storwize V5100 Software
  • Flashsystem 9000 Firmware
  • Storwize V3700 Software
  • Spectrum Virtualize For Public Cloud
  • Spectrum Virtualize
  • Storwize V7000 Software
  • Flashsystem 9100 Firmware
  • Flashsystem 9000
  • San Volume Controller Firmware
  • Storwize V5000 Software
  • Storwize V3500 Software

Configuration 1 [-]

OR cpe:2.3:a:ibm:spectrum_virtualize:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_virtualize_for_public_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storwize_v3500_software:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storwize_v3700_software:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storwize_v5000_software:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storwize_v5100_software:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storwize_v7000_software:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:ibm:flashsystem_9100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flashsystem_9100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:ibm:flashsystem_9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flashsystem_9000:-:*:*:*:*:*:*:*
References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/206229 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6497111 Patch Vendor Advisory
https://www.ibm.com/support/pages/node/6507091 Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2021-10-20T00:00:00

Updated: 2021-10-21T16:40:13

Reserved: 2021-03-31T00:00:00

Link: CVE-2021-29873

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-10-21T17:15:07.800

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-29873

JSON object: View

cve-icon Redhat Information

No data.

CWE