Medium Severity

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

A vulnerability in Apache Tomcat affects the product’s management GUI, potentially allowing an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. The Command Line Interface is unaffected.

CVE(s): CVE-2021-33037

Affected product(s) and affected version(s):

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V5100
IBM FlashSystem V9000
IBM FlashSystem 9100 Family
IBM FlashSystem 9200
IBM FlashSystem 7200
IBM FlashSystem 5200
IBM FlashSystem 5000
IBM Spectrum Virtualize Software
IBM Spectrum Virtualize for Public Cloud

All products are affected when running a supported 8.4 release, except 8.4.2.0 and later.

Refer to the following URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6497115
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205222
