CVE-2024-22315 — Improper Restriction of Communication Channel to Intended Endpoints in IBM Storage Fusion

CWE-923 — Improper Restriction of Communication Channel to Intended Endpoints2 documents2 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 94.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Storage Fusion IBM Storage Fusion HCI IBM Fusion +3 more

Timeline

PublishedJan 28

Description

IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages5 packages

▶NVDibm/storage_fusion2.3.0 — 2.9.0

▶NVDibm/storage_fusion_hci2.3.0 — 2.9.0+1

▶CVEListV5ibm/fusion2.3.0 — 2.8.2

▶CVEListV5ibm/fusion_hci2.3.0 — 2.8.2

▶CVEListV5ibm/fusion_hci_for_watsonx2.8.2

🔴Vulnerability Details

GHSA

GHSA-x279-fqqw-2jvv: IBM Fusion and IBM Fusion HCI 2↗2025-01-28

▶