CVE-2021-29873

CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

8.1HIGH

EPSS

0.4%

top 38.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Flashsystem 9000 Firmware IBM Flashsystem 9100 Firmware IBM SAN Volume Controller Firmware +17 more

Timeline

PublishedOct 21

Latest updateMay 24

Description

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages20 packages

▶NVDibm/flashsystem_9000_firmware7.8.0.0 — 8.4.0.0

▶NVDibm/flashsystem_9100_firmware7.8.0.0 — 8.4.0.0

▶CVEListV5ibm/flashsystem_9001.5.2.10, 1.6.1.4+1

▶CVEListV5ibm/flashsystem_v90007.8, 8.4+1

▶CVEListV5ibm/flashsystem_9100_family7.8, 8.4+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-4j24-8q6f-65hw: IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell esc↗2022-05-24

▶

CVEList

CVE-2021-29873: IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell esc↗2021-10-21

▶