High Severity

Security Bulletin: A vulnerability exists in the restricted shell of the IBM FlashSystem 900

Share this post:

A vulnerability exists in the IBM FlashSystem 900 restricted shell (CVE-2021-29873). An exploit of this vulnerability could allow an authenticated attacker to access sensitive information or cause a denial of service.

CVE(s): CVE-2021-29873

Affected product(s) and affected version(s):

Storage Node machine type and models (MTMs) affected:

  • 9840-AE1 and 9843-AE1
  • 9840-AE2 and 9843-AE2
  • 9840-AE3 and 9843-AE3
Supported storage node code versions which are affected:
  • VRMFs prior to 1.5.2.10
  • VRMFs prior to 1.6.1.4
Note: For information on IBM FlashSystem V9000 SVC code levels affected and remediated, search for the equivalent security bulletin here: IBM Support

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6507091
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/206229

More stories

Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)

Nov 25, 2021 7:01 pm EST | High Severity

IBM Cúram Social Program Management uses the jsoup libraries, for which there is a publicly known vulnerability. For this vulnerability jsoup is susceptible to a denial of service attack, caused by improper input validation. ...read more


Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager

Nov 25, 2021 7:00 pm EST | High Severity

Vulnerabilities exist in IBM Netcool Agile Service Manager, these have been addressed. ...read more


Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager

Nov 24, 2021 7:00 pm EST | High Severity

Vulnerabilities exist in IBM Netcool Agile Service Manager, these have been addressed. ...read more