IBM Total Storage Service Console OS Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in IBM Total Storage Service Console (TSSC) / TS4500 IMC versions 9.2 through 9.6. The flaw arises from inadequate validation of user-supplied input and allows an unauthenticated user to execute arbitrary commands on the system with normal user privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of commands on the affected system with normal user privileges.
Remediation
Users can upgrade to TSSC/IMC versions 9.4.31 or 9.6.15. For those on versions 9.4.14, 9.4.21, or 9.4.26, the patch '9.X.X_FixOSCommandInjection_2026-04-06' should be downloaded and executed on the TSSC/IMC system. Instructions for downloading the patch are available on the IBM Available Updates page.
