Medium Severity

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products


Multiple vulnerabilities in the Linux kernel could allow an authenticated attacker to obtain sensitive information.

CVE(s): CVE-2020-10732, CVE-2020-10774

Affected product(s) and affected version(s):

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V5100
IBM FlashSystem V9000
IBM FlashSystem 9100 Family
IBM FlashSystem 9200
IBM FlashSystem 7200
IBM FlashSystem 5200
IBM FlashSystem 5000
IBM Spectrum Virtualize Software
IBM Spectrum Virtualize for Public Cloud

All products are affected when running supported version 8.4 (except 8.4.2.0 and later).

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6497113
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181554
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192481
