CVE-2021-29873

moderate-risk

Published 2021-10-21

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.

Do I need to act?

0.41% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (10)

Spectrum Virtualize

Spectrum Virtualize For Public Cloud

Storwize V3500 Software

Storwize V3700 Software

Storwize V5000 Software

Storwize V5100 Software

Storwize V7000 Software

San Volume Controller Firmware

Flashsystem 9100 Firmware

Flashsystem 9000 Firmware

Affected Vendors

Ibm

References (6)

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/206229

Patch https://www.ibm.com/support/pages/node/6497111

Patch https://www.ibm.com/support/pages/node/6507091

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/206229

Patch https://www.ibm.com/support/pages/node/6497111

Patch https://www.ibm.com/support/pages/node/6507091

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 2/34 · Minimal

Exposure 16/34 · Moderate