Medium Severity

Security Bulletin: LDAP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Share this post:

A vulnerability in LDAP authentication affects IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000 and V5100, IBM Storwize V5000E, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud, IBM FlashSystem V9000, IBM FlashSystem 9100 Family, IBM FlashSystem 9200, IBM FlashSystem 7200 and IBM FlashSystem 5000 products. The applicable vulnerability is CVE-2020-4686.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
SAN Volume Controller and Storwize Family 8.3.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6260199

More stories

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2020-11022).

August 4, 2022 | Medium Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method (CVE-2020-11022). jQuery is used by the runtime components included in IBM Watson Speech. Please read the details for remediation below. ...read more


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2019-11358).

August 4, 2022 | Medium Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input in Drupal core. (CVE-2019-11358). jQuery is used by the runtime components included in IBM Watson Speech. Please read the details for remediation below. ...read more


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in libssh, caused by improper bounds checking.(CVE-2021-3634).

August 4, 2022 | Medium Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in libssh, caused by improper bounds checking (CVE-2021-3634). Libssh, included in RedHat, is used in the base operating system by IBM Watson Speech. Please read the details for remediation below. ...read more