This page lists publicly disclosed CVE vulnerabilities affecting ibm storage_virtualize (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-36118 | IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. | [email protected] | 7.5 | 0.31% | 2025-11-17 | 2025-12-08 |
| CVE-2025-36120 | IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources. | [email protected] | 8.8 | 0.28% | 2025-08-18 | 2025-08-21 |
| CVE-2025-1351 | IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function. | [email protected] | 6.7 | 0.09% | 2025-07-07 | 2025-08-14 |
| CVE-2025-0160 | IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service. | [email protected] | 8.1 | 0.49% | 2025-02-28 | 2025-08-18 |
| CVE-2025-0159 | IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. | [email protected] | 9.1 | 0.80% | 2025-02-28 | 2025-08-18 |
| CVE-2024-39723 | IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935. | [email protected] | 4.6 | 0.25% | 2024-07-08 | 2024-11-21 |
| CVE-2023-47700 | IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016. | [email protected] | 5.9 | 0.55% | 2024-02-07 | 2024-11-21 |
| CVE-2023-43042 | IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874. | [email protected] | 7.5 | 0.71% | 2023-12-14 | 2024-11-21 |