High Severity

Security Bulletin: A vulnerability exists in the restricted shell of the IBM FlashSystem 900

Share this post:

A vulnerability exists in the IBM FlashSystem 900 restricted shell (CVE-2021-29873). An exploit of this vulnerability could allow an unauthenticated attacker to access sensitive information or cause a denial of service.

CVE(s): CVE-2021-29873

Affected product(s) and affected version(s):

Storage Node machine type and models (MTMs) affected:

  • 9840-AE1 and 9843-AE1
  • 9840-AE2 and 9843-AE2
  • 9840-AE3 and 9843-AE3
Supported storage node code versions which are affected:
  • VRMFs prior to 1.5.2.10
  • VRMFs prior to 1.6.1.4
Note: For information on IBM FlashSystem V9000 SVC code levels affected and remediated, search for the equivalent security bulletin here: IBM Support

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6507091
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/206229

More stories

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778

May 20, 2022 | High Severity

An issue was identifed in OpenSSL when MQ is using it to parse certificates. ...read more


Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation

May 17, 2022 | High Severity

IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL ...read more


Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal

May 17, 2022 | High Severity

IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. ...read more