IBM FlashSystem Authentication Bypass Vulnerability in RPCAdapter Endpoint

Vulnerability

An authentication bypass vulnerability has been identified in the RPCAdapter endpoint of IBM FlashSystem. This issue affects multiple versions of IBM Storage Virtualize, including versions 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, and 8.7.2.0 through 8.7.2.1. The vulnerability allows remote attackers to bypass authentication by sending specially crafted HTTP requests to the RPCAdapter endpoint.
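The affected ranges above can be checked against an inventory of installed code levels. The following is an added example, not IBM code or part of the original advisory; the system names and sample versions are constructed, and it assumes code levels are reported as four dot-separated numbers. Versions are compared numerically per field, because a plain string comparison would sort 8.5.0.9 after 8.5.0.13 and miss it.

```python
# Added example (not IBM code): ranges transcribed from the advisory text above.
AFFECTED_RANGES = [
    ("8.5.0.0", "8.5.0.13"), ("8.5.1.0", "8.5.1.0"), ("8.5.2.0", "8.5.2.3"),
    ("8.5.3.0", "8.5.3.1"), ("8.5.4.0", "8.5.4.0"), ("8.6.0.0", "8.6.0.5"),
    ("8.6.1.0", "8.6.1.0"), ("8.6.2.0", "8.6.2.1"), ("8.6.3.0", "8.6.3.0"),
    ("8.7.0.0", "8.7.0.2"), ("8.7.1.0", "8.7.1.0"), ("8.7.2.0", "8.7.2.1"),
]

# Constructed sample inventory; system names and versions are hypothetical.
SAMPLE_INVENTORY = {
    "fs-lab-01": "8.5.0.9",
    "fs-lab-02": "8.5.0.14",
    "fs-lab-03": "8.6.0.5",
    "fs-lab-04": "8.7.2.1",
    "fs-lab-05": "8.6.0",      # truncated value, must not be silently passed
}

def parse_version(text):
    """Parse a four-part version string into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(version):
    """True if the version falls inside any range listed in the advisory."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Map each system to 'affected', 'not listed' or 'unparseable'.

    'not listed' only means the version is outside the ranges the advisory
    names; it is not a statement that the version is free of the issue.
    """
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = "affected" if is_affected(version) else "not listed"
        except ValueError:
            result[name] = "unparseable"
    return result

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}\t{SAMPLE_INVENTORY[name]}\t{status}")
```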

Impact

Exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access, potentially enabling further actions within the application or system that require authenticated access.

Remediation

Users are advised to upgrade to version 8.5.0.14 or 8.6.0.6, depending on their current version. Instructions for downloading the latest code are available on the IBM Support Fix Central website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 5.0
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.