High Severity

Security Bulletin: Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

A vulnerability in the sed command could allow an authenticated attacker to escape from a restricted shell to obtain sensitive information and cause a denial of service.

CVE(s): CVE-2021-29873

Affected product(s) and affected version(s):

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V5100
IBM Storwize V3700
IBM Storwize V3500
IBM FlashSystem V9000
IBM FlashSystem 9100 Family
IBM FlashSystem 9200
IBM FlashSystem 7200
IBM FlashSystem 5200
IBM FlashSystem 5000
IBM Spectrum Virtualize Software
IBM Spectrum Virtualize for Public Cloud

All products are affected when running supported versions 7.8 to 8.4 (except 8.4.2.0 and later).

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6497111
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/206229
