CVE-2021-29873 — HIGH (8.1)

Q: What is CVE-2021-29873?

CVE-2021-29873 is a vulnerability with a CVSS score of 8.1 (HIGH). IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.

Q: How severe is CVE-2021-29873?

CVE-2021-29873 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-29873?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Virtualize, Ibm Spectrum Virtualize For Public Cloud, Ibm Storwize V3500 Software, Ibm Storwize V3700 Software, Ibm Storwize V5000 Software.

Vulnerability Description

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ibm	Spectrum Virtualize	>= 7.8.0.0, < 8.4.0.0
Ibm	Spectrum Virtualize For Public Cloud	>= 7.8.0.0, < 8.4.0.0
Ibm	Storwize V3500 Software	>= 7.8.0.0, < 8.4.0.0
Ibm	Storwize V3700 Software	>= 7.8.0.0, < 8.4.0.0
Ibm	Storwize V5000 Software	>= 7.8.0.0, < 8.4.0.0
Ibm	Storwize V5100 Software	>= 7.8.0.0, < 8.4.0.0
Ibm	Storwize V7000 Software	>= 7.8.0.0, < 8.4.0.0
Ibm	San Volume Controller Firmware	>= 7.8.0.0, < 8.4.0.0
Ibm	Flashsystem 9100 Firmware	>= 7.8.0.0, < 8.4.0.0
Ibm	Flashsystem 9100	-
Ibm	Flashsystem 9000 Firmware	>= 7.8.0.0, < 8.4.0.0
Ibm	Flashsystem 9000	-

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/206229VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6497111PatchVendor Advisory
https://www.ibm.com/support/pages/node/6507091PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/206229VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6497111PatchVendor Advisory
https://www.ibm.com/support/pages/node/6507091PatchVendor Advisory

FAQ

What is CVE-2021-29873?

CVE-2021-29873 is a vulnerability with a CVSS score of 8.1 (HIGH). IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.

How severe is CVE-2021-29873?

CVE-2021-29873 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-29873?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Virtualize, Ibm Spectrum Virtualize For Public Cloud, Ibm Storwize V3500 Software, Ibm Storwize V3700 Software, Ibm Storwize V5000 Software.