IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Storage_virtualize | Ibm | 8.5 (including) | 8.5.0.14 (excluding) |
| Storage_virtualize | Ibm | 8.5.2.0 (including) | 8.5.2.3 (including) |
| Storage_virtualize | Ibm | 8.6.0.0 (including) | 8.6.0.6 (excluding) |
| Storage_virtualize | Ibm | 8.7.0.0 (including) | 8.7.0.3 (excluding) |
| Storage_virtualize | Ibm | 8.5.1.0 (including) | 8.5.1.0 (including) |
| Storage_virtualize | Ibm | 8.5.3.0 (including) | 8.5.3.0 (including) |
| Storage_virtualize | Ibm | 8.5.3.1 (including) | 8.5.3.1 (including) |
| Storage_virtualize | Ibm | 8.5.4.0 (including) | 8.5.4.0 (including) |
| Storage_virtualize | Ibm | 8.6.1.0 (including) | 8.6.1.0 (including) |
| Storage_virtualize | Ibm | 8.6.2.0 (including) | 8.6.2.0 (including) |
| Storage_virtualize | Ibm | 8.6.2.1 (including) | 8.6.2.1 (including) |
| Storage_virtualize | Ibm | 8.6.3.0 (including) | 8.6.3.0 (including) |
| Storage_virtualize | Ibm | 8.7.1.0 (including) | 8.7.1.0 (including) |
| Storage_virtualize | Ibm | 8.7.2.0 (including) | 8.7.2.0 (including) |
| Storage_virtualize | Ibm | 8.7.2.1 (including) | 8.7.2.1 (including) |