IBM Storage Virtualize
Moderate fix7 remedies
cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*
Moderate fix7 remedies
- 8.4
- 8.5
- 8.7
- 9.1
IBM Storage Virtualize IKEv1 Implementation Information Disclosure Vulnerability
Vulnerability
Patched
An information disclosure vulnerability has been identified in the IKEv1 implementation of IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1. This vulnerability allows remote attackers to access sensitive information from the device memory by sending a Security Association (SA) negotiation request.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive information stored in the device memory.
Remediation
Users are advised to upgrade to version 8.4.0.10, 8.5.0.7, 8.7.0.8, or 9.1.0.2. Instructions for downloading the latest code for IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V5000E, IBM FlashSystem 5000, 5100, 5200, 5300, 7200, 7300, 9100, 9200, 9500, and IBM Storage Virtualize for Public Cloud are available on the IBM Support Fix Central website.
Added: Nov 17, 2025, 9:30 PM
Updated: Nov 17, 2025, 9:30 PM
Vulnerability Rating
Custom Algorithm
spread
1.4impact
2.5exploitability
7.0remediation
7.7relevance
1.1threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.