IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
Weakness
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Storage_virtualize | Ibm | 8.5 (including) | 8.5.0.14 (excluding) |
| Storage_virtualize | Ibm | 8.5.2.0 (including) | 8.5.2.3 (including) |
| Storage_virtualize | Ibm | 8.6.0.0 (including) | 8.6.0.6 (excluding) |
| Storage_virtualize | Ibm | 8.7.0.0 (including) | 8.7.0.3 (excluding) |
| Storage_virtualize | Ibm | 8.5.1.0 (including) | 8.5.1.0 (including) |
| Storage_virtualize | Ibm | 8.5.3.0 (including) | 8.5.3.0 (including) |
| Storage_virtualize | Ibm | 8.5.3.1 (including) | 8.5.3.1 (including) |
| Storage_virtualize | Ibm | 8.5.4.0 (including) | 8.5.4.0 (including) |
| Storage_virtualize | Ibm | 8.6.1.0 (including) | 8.6.1.0 (including) |
| Storage_virtualize | Ibm | 8.6.2.0 (including) | 8.6.2.0 (including) |
| Storage_virtualize | Ibm | 8.6.2.1 (including) | 8.6.2.1 (including) |
| Storage_virtualize | Ibm | 8.6.3.0 (including) | 8.6.3.0 (including) |
| Storage_virtualize | Ibm | 8.7.1.0 (including) | 8.7.1.0 (including) |
| Storage_virtualize | Ibm | 8.7.2.0 (including) | 8.7.2.0 (including) |
| Storage_virtualize | Ibm | 8.7.2.1 (including) | 8.7.2.1 (including) |