High Severity

Security Bulletin: Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

November 18, 2021

Share this post:

A vulnerability in the sed command could allow an authenticated attacker to escape from a restricted shell to obtain sensitive information and cause a denial of service.

CVE(s): CVE-2021-29873

Affected product(s) and affected version(s):

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V5100
IBM Storwize V3700
IBM Storwize V3500
IBM FlashSystem V9000
IBM FlashSystem 9100 Family
IBM FlashSystem 9200
IBM FlashSystem 7200
IBM FlashSystem 5200
IBM FlashSystem 5000
IBM Spectrum Virtualize Software
IBM Spectrum Virtualize for Public Cloud

All products are affected when running supported versions 7.8 to 8.4 (except 8.4.2.0 and later).

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6497111
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/206229

High Severity

Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2021-29843

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: Denial of Service vulnerability in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-0778)

June 29, 2022 | High Severity

OpenSSL vulnerabilities were disclosed on March 15, 2022 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect Backup-Archive Client for network connections with NetApp services, has addressed the applicable CVE. ...read more

Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

June 29, 2022 | High Severity

There are multiple vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus. These vulnerabilities include elevation of privileges, obtaining sensitive information, denial of service, execution of arbitrary code on the system, bypassing security restrictions, and buffer overflow. ...read more

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to various attacks due to its use of redis (CVE-2021-32675, CVE-2021-32626, CVE-2021-32672)

June 29, 2022 | High Severity

Redis is used by several components in IBM Cloud Pak for Multicloud Management Monitoring as an in-memory shared cache database. It is not exposed outside the cluster. ...read more

High Severity

Security Bulletin: Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2021-29843

Security Bulletin: IBM MQ is vulnerable to a denial of service attack caused by an issue processing message properties. (CVE-2021-29843)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: Denial of Service vulnerability in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-0778)

June 29, 2022 | High Severity

Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

June 29, 2022 | High Severity

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to various attacks due to its use of redis (CVE-2021-32675, CVE-2021-32626, CVE-2021-32672)

June 29, 2022 | High Severity