Search criteria
5 vulnerabilities found for System Storage Virtualization Engine TS7700 by IBM
CVE-2025-2141 (GCVE-0-2025-2141)
Vulnerability from cvelistv5 – Published: 2025-07-01 01:01 – Updated: 2025-08-24 11:34
VLAI?
Title
IBM System Storage Virtualization Engine TS7700 cross-site scripting
Summary
IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | System Storage Virtualization Engine TS7700 |
Affected:
8.60.0.115
cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VEF:*:*:*:*:*:*:* cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VED:*:*:*:*:*:*:* cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3957-VED:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:35:59.794020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:36:06.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VEF:*:*:*:*:*:*:*",
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VED:*:*:*:*:*:*:*",
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3957-VED:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"3948-VEF"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.60.0.115"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"3948-VED"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.54.2.17, 8.60.0.115"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"3957-VED"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.54.2.17, 8.60.0.115"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115\u0026nbsp;is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115\u00a0is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:34:35.439Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7238556"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://tape.ibmrcl.enterpriseappointments.com/v2/\"\u003ehttps://tape.ibmrcl.enterpriseappointments.com/v2/\u003c/a\u003e or contacting IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate VTD_EXEC as needed. Minimum microcode versions are shown below:\u003cbr\u003e\u003cbr\u003eMachine Type Model Release Fix\u003cbr\u003e3957 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\u003cbr\u003e- OR -\u003cbr\u003eUpgrade to 8.54.1.27 + VTD_EXEC.904\u003cbr\u003eR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e3948 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\u003cbr\u003e- OR -\u003cbr\u003eUpgrade to 8.54.1.27 + VTD_EXEC.904\u003cbr\u003eR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e3948 VEF R6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe minimum VTD_EXEC version is shown below:\u003cbr\u003e\u003cbr\u003eVTD_EXEC Package Version\u003cbr\u003eVTD_EXEC.904 v1.27\u003cbr\u003eVTD_EXEC.905 v1.11\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eInstallation Details\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eConcurrent Yes\u003cbr\u003eLocal Machine State Online/Offline/Service\u003cbr\u003eRemote Machine State Online/Offline/Service\u003cbr\u003eTime of Installation Anytime\u003cbr\u003eInstallation Time Required (mins) 60\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by visiting https://tape.ibmrcl.enterpriseappointments.com/v2/ or contacting IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate VTD_EXEC as needed. Minimum microcode versions are shown below:\n\nMachine Type Model Release Fix\n3957 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\n- OR -\nUpgrade to 8.54.1.27 + VTD_EXEC.904\nR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n3948 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\n- OR -\nUpgrade to 8.54.1.27 + VTD_EXEC.904\nR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n3948 VEF R6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n \n\nThe minimum VTD_EXEC version is shown below:\n\nVTD_EXEC Package Version\nVTD_EXEC.904 v1.27\nVTD_EXEC.905 v1.11\n \n\nInstallation Details\n \n\nConcurrent Yes\nLocal Machine State Online/Offline/Service\nRemote Machine State Online/Offline/Service\nTime of Installation Anytime\nInstallation Time Required (mins) 60"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM System Storage Virtualization Engine TS7700 cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2141",
"datePublished": "2025-07-01T01:01:51.136Z",
"dateReserved": "2025-03-10T03:07:42.777Z",
"dateUpdated": "2025-08-24T11:34:35.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36056 (GCVE-0-2025-36056)
Vulnerability from cvelistv5 – Published: 2025-07-01 01:00 – Updated: 2025-08-24 11:34
VLAI?
Title
IBM System Storage Virtualization Engine TS7700 cross-site scripting
Summary
IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | System Storage Virtualization Engine TS7700 |
Affected:
8.60.0.115
cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VEF:*:*:*:*:*:*:* cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VED:*:*:*:*:*:*:* cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3957-VED:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:37:10.780577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:37:16.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VEF:*:*:*:*:*:*:*",
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VED:*:*:*:*:*:*:*",
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3957-VED:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"3948-VEF"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.60.0.115"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"3948-VED"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.54.2.17, 8.60.0.115"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"3957-VED"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.54.2.17, 8.60.0.115"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115\u0026nbsp;is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115\u00a0is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:34:14.462Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7238555"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://tape.ibmrcl.enterpriseappointments.com/v2/\"\u003ehttps://tape.ibmrcl.enterpriseappointments.com/v2/\u003c/a\u003e or contacting IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate VTD_EXEC as needed. Minimum microcode versions are shown below:\u003cbr\u003e\u003cbr\u003eMachine Type Model Release Fix\u003cbr\u003e3957 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\u003cbr\u003e- OR -\u003cbr\u003eUpgrade to 8.54.1.27 + VTD_EXEC.904\u003cbr\u003eR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e3948 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\u003cbr\u003e- OR -\u003cbr\u003eUpgrade to 8.54.1.27 + VTD_EXEC.904\u003cbr\u003eR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e3948 VEF R6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe minimum VTD_EXEC version is shown below:\u003cbr\u003e\u003cbr\u003eVTD_EXEC Package Version\u003cbr\u003eVTD_EXEC.904 v1.27\u003cbr\u003eVTD_EXEC.905 v1.11\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eInstallation Details\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eConcurrent Yes\u003cbr\u003eLocal Machine State Online/Offline/Service\u003cbr\u003eRemote Machine State Online/Offline/Service\u003cbr\u003eTime of Installation Anytime\u003cbr\u003eInstallation Time Required (mins) 60\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by visiting https://tape.ibmrcl.enterpriseappointments.com/v2/ or contacting IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate VTD_EXEC as needed. Minimum microcode versions are shown below:\n\nMachine Type Model Release Fix\n3957 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\n- OR -\nUpgrade to 8.54.1.27 + VTD_EXEC.904\nR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n3948 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\n- OR -\nUpgrade to 8.54.1.27 + VTD_EXEC.904\nR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n3948 VEF R6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n \n\nThe minimum VTD_EXEC version is shown below:\n\nVTD_EXEC Package Version\nVTD_EXEC.904 v1.27\nVTD_EXEC.905 v1.11\n \n\nInstallation Details\n \n\nConcurrent Yes\nLocal Machine State Online/Offline/Service\nRemote Machine State Online/Offline/Service\nTime of Installation Anytime\nInstallation Time Required (mins) 60"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM System Storage Virtualization Engine TS7700 cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36056",
"datePublished": "2025-07-01T01:00:03.022Z",
"dateReserved": "2025-04-15T21:16:11.325Z",
"dateUpdated": "2025-08-24T11:34:14.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2141 (GCVE-0-2025-2141)
Vulnerability from nvd – Published: 2025-07-01 01:01 – Updated: 2025-08-24 11:34
VLAI?
Title
IBM System Storage Virtualization Engine TS7700 cross-site scripting
Summary
IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | System Storage Virtualization Engine TS7700 |
Affected:
8.60.0.115
cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VEF:*:*:*:*:*:*:* cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VED:*:*:*:*:*:*:* cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3957-VED:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:35:59.794020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:36:06.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VEF:*:*:*:*:*:*:*",
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VED:*:*:*:*:*:*:*",
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3957-VED:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"3948-VEF"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.60.0.115"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"3948-VED"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.54.2.17, 8.60.0.115"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"3957-VED"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.54.2.17, 8.60.0.115"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115\u0026nbsp;is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115\u00a0is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:34:35.439Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7238556"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://tape.ibmrcl.enterpriseappointments.com/v2/\"\u003ehttps://tape.ibmrcl.enterpriseappointments.com/v2/\u003c/a\u003e or contacting IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate VTD_EXEC as needed. Minimum microcode versions are shown below:\u003cbr\u003e\u003cbr\u003eMachine Type Model Release Fix\u003cbr\u003e3957 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\u003cbr\u003e- OR -\u003cbr\u003eUpgrade to 8.54.1.27 + VTD_EXEC.904\u003cbr\u003eR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e3948 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\u003cbr\u003e- OR -\u003cbr\u003eUpgrade to 8.54.1.27 + VTD_EXEC.904\u003cbr\u003eR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e3948 VEF R6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe minimum VTD_EXEC version is shown below:\u003cbr\u003e\u003cbr\u003eVTD_EXEC Package Version\u003cbr\u003eVTD_EXEC.904 v1.27\u003cbr\u003eVTD_EXEC.905 v1.11\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eInstallation Details\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eConcurrent Yes\u003cbr\u003eLocal Machine State Online/Offline/Service\u003cbr\u003eRemote Machine State Online/Offline/Service\u003cbr\u003eTime of Installation Anytime\u003cbr\u003eInstallation Time Required (mins) 60\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by visiting https://tape.ibmrcl.enterpriseappointments.com/v2/ or contacting IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate VTD_EXEC as needed. Minimum microcode versions are shown below:\n\nMachine Type Model Release Fix\n3957 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\n- OR -\nUpgrade to 8.54.1.27 + VTD_EXEC.904\nR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n3948 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\n- OR -\nUpgrade to 8.54.1.27 + VTD_EXEC.904\nR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n3948 VEF R6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n \n\nThe minimum VTD_EXEC version is shown below:\n\nVTD_EXEC Package Version\nVTD_EXEC.904 v1.27\nVTD_EXEC.905 v1.11\n \n\nInstallation Details\n \n\nConcurrent Yes\nLocal Machine State Online/Offline/Service\nRemote Machine State Online/Offline/Service\nTime of Installation Anytime\nInstallation Time Required (mins) 60"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM System Storage Virtualization Engine TS7700 cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2141",
"datePublished": "2025-07-01T01:01:51.136Z",
"dateReserved": "2025-03-10T03:07:42.777Z",
"dateUpdated": "2025-08-24T11:34:35.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36056 (GCVE-0-2025-36056)
Vulnerability from nvd – Published: 2025-07-01 01:00 – Updated: 2025-08-24 11:34
VLAI?
Title
IBM System Storage Virtualization Engine TS7700 cross-site scripting
Summary
IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | System Storage Virtualization Engine TS7700 |
Affected:
8.60.0.115
cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VEF:*:*:*:*:*:*:* cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VED:*:*:*:*:*:*:* cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3957-VED:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:37:10.780577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:37:16.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VEF:*:*:*:*:*:*:*",
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3948-VED:*:*:*:*:*:*:*",
"cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:3957-VED:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"3948-VEF"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.60.0.115"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"3948-VED"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.54.2.17, 8.60.0.115"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"3957-VED"
],
"product": "System Storage Virtualization Engine TS7700",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.54.2.17, 8.60.0.115"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115\u0026nbsp;is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115\u00a0is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:34:14.462Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7238555"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://tape.ibmrcl.enterpriseappointments.com/v2/\"\u003ehttps://tape.ibmrcl.enterpriseappointments.com/v2/\u003c/a\u003e or contacting IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate VTD_EXEC as needed. Minimum microcode versions are shown below:\u003cbr\u003e\u003cbr\u003eMachine Type Model Release Fix\u003cbr\u003e3957 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\u003cbr\u003e- OR -\u003cbr\u003eUpgrade to 8.54.1.27 + VTD_EXEC.904\u003cbr\u003eR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e3948 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\u003cbr\u003e- OR -\u003cbr\u003eUpgrade to 8.54.1.27 + VTD_EXEC.904\u003cbr\u003eR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e3948 VEF R6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe minimum VTD_EXEC version is shown below:\u003cbr\u003e\u003cbr\u003eVTD_EXEC Package Version\u003cbr\u003eVTD_EXEC.904 v1.27\u003cbr\u003eVTD_EXEC.905 v1.11\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eInstallation Details\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eConcurrent Yes\u003cbr\u003eLocal Machine State Online/Offline/Service\u003cbr\u003eRemote Machine State Online/Offline/Service\u003cbr\u003eTime of Installation Anytime\u003cbr\u003eInstallation Time Required (mins) 60\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by visiting https://tape.ibmrcl.enterpriseappointments.com/v2/ or contacting IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of the appropriate VTD_EXEC as needed. Minimum microcode versions are shown below:\n\nMachine Type Model Release Fix\n3957 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\n- OR -\nUpgrade to 8.54.1.27 + VTD_EXEC.904\nR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n3948 VED R5.4 Upgrade to 8.54.2.17 + VTD_EXEC.904\n- OR -\nUpgrade to 8.54.1.27 + VTD_EXEC.904\nR6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n3948 VEF R6.0 Upgrade to 8.60.0.115 + VTD_EXEC.905\n \n\nThe minimum VTD_EXEC version is shown below:\n\nVTD_EXEC Package Version\nVTD_EXEC.904 v1.27\nVTD_EXEC.905 v1.11\n \n\nInstallation Details\n \n\nConcurrent Yes\nLocal Machine State Online/Offline/Service\nRemote Machine State Online/Offline/Service\nTime of Installation Anytime\nInstallation Time Required (mins) 60"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM System Storage Virtualization Engine TS7700 cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36056",
"datePublished": "2025-07-01T01:00:03.022Z",
"dateReserved": "2025-04-15T21:16:11.325Z",
"dateUpdated": "2025-08-24T11:34:14.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201406-0328
Vulnerability from variot - Updated: 2023-12-18 12:24Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. The IBM Virtualization Engine integrates IBM servers, disks and tape into an integrated product that simplifies the backup/recovery process to protect critical customer data and provide business continuity through fast recovery. Unprivileged users can invoke privileged commands via SSH, allowing an attacker to exploit the vulnerability to send all administrative commands. Local attackers may exploit this issue to gain elevated privileges. The product supports creation of multiple virtual tape volumes, data backup and recovery, cache encryption, and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system storage virtualization engine ts7700",
"scope": "eq",
"trust": 2.6,
"vendor": "ibm",
"version": null
},
{
"model": "virtualization engine ts7700",
"scope": null,
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system storage virtualization engine ts7700",
"scope": null,
"trust": 0.6,
"vendor": "ibm",
"version": null
},
{
"model": "virtualization engine ts7700",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ibm:system_storage_virtualization_engine_ts7700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3048"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM",
"sources": [
{
"db": "BID",
"id": "67942"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3048",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-3048",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "CNVD-2014-03652",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "VHN-70987",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3048",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-03652",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-111",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70987",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. The IBM Virtualization Engine integrates IBM servers, disks and tape into an integrated product that simplifies the backup/recovery process to protect critical customer data and provide business continuity through fast recovery. Unprivileged users can invoke privileged commands via SSH, allowing an attacker to exploit the vulnerability to send all administrative commands. \nLocal attackers may exploit this issue to gain elevated privileges. The product supports creation of multiple virtual tape volumes, data backup and recovery, cache encryption, and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "VULHUB",
"id": "VHN-70987"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3048",
"trust": 3.4
},
{
"db": "BID",
"id": "67942",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-03652",
"trust": 0.6
},
{
"db": "XF",
"id": "93434",
"trust": 0.6
},
{
"db": "XF",
"id": "7700",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70987",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"id": "VAR-201406-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
}
]
},
"last_update_date": "2023-12-18T12:24:47.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "S1004653",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004653"
},
{
"title": "IBM Virtualization Engine TS7700 patch for insufficient SSH user limit vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46400"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3048"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004653"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/67942"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93434"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3048"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3048"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/93434"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004653"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"date": "2014-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-70987"
},
{
"date": "2014-06-04T00:00:00",
"db": "BID",
"id": "67942"
},
{
"date": "2014-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"date": "2014-06-08T23:55:02.570000",
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"date": "2014-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-70987"
},
{
"date": "2014-06-04T00:00:00",
"db": "BID",
"id": "67942"
},
{
"date": "2014-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"date": "2017-08-29T01:34:36.747000",
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"date": "2014-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "67942"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM System Storage Virtualization Engine TS7700 Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "67942"
}
],
"trust": 0.3
}
}