Critical Severity

Security Bulletin: OpenSLP vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Share this post:

A vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerability is CVE-2019-5544.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
SAN Volume Controller and Storwize Family 8.3
SAN Volume Controller and Storwize Family 8.2
SAN Volume Controller and Storwize Family 7.8

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6250889

More stories

Security Bulletin: Vulnerabilities in Spring Framework affect IBM Cloud Pak System (CVE-2022-22965, CVE-2020-5421)

August 8, 2022 | Critical Severity

IBM Cloud Pak System is affected by a remote code execution in Spring Framework (CVE-2022-22965 and CVE-2020-5421). IBM Cloud Pak System ships with AWS component that includes it but is not used by it. The fix removes Spring from the product. This security bulletin service applies to IBM Cloud Pak System, BM Cloud Pak System Software and BM Cloud Pak System Software Suite. ...read more


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio (CVE-2022-24765).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to vulnerable to arbitrary code execution in MS Visual Studio, caused by an uncontrolled search for the Git directory in Git (CVE-2022-24765). Git for Visual Studio is used in the base operating system of IBM Watson Speech. Please read the details for remediation below. ...read more


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl (CVE-2020-12723).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl, caused by recursive S_study_chunk calls in regcomp.c (CVE-2020-12723). This could allow a remote attacker to overflow a buffer and execute arbitrary code on the system. Perl is included in some of the operators used in IBM Watson Speech. Please read the details for remediation below. ...read more