IBM Storage Virtualize
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Storage Virtualize.
By the Year
In 2026 there have been 0 vulnerabilities in IBM Storage Virtualize. Last year, in 2025 Storage Virtualize had 5 security vulnerabilities published. Right now, Storage Virtualize is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 8.38 |
| 2024 | 2 | 6.05 |
| 2023 | 1 | 7.50 |
It may take a day or so for new Storage Virtualize vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Storage Virtualize Security Vulnerabilities
IBM Storage Virtualize 8.49.1 IKEv1 SA Neg. Remote Leak
CVE-2025-36118
7.5 - High
- November 17, 2025
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
Heap Inspection
IBM SV 8.4-8.7 Privilege Escalation via SSH Auth Check Flaw
CVE-2025-36120
8.8 - High
- August 18, 2025
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.
AuthZ
IBM Storage Virtualize 8.5-8.7 Privilege Escalation via Race Condition in
CVE-2025-1351
6.7 - Medium
- July 07, 2025
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
Race Condition
Remote Java Code Exec via RPCAdapter in IBM FlashSystem Storage Virtualize
CVE-2025-0160
9.8 - Critical
- February 28, 2025
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
Process Control
IBMSV RPCAdapter Auth Bypass via HTTP (8.5.0.0-8.7.2.1)
CVE-2025-0159
9.1 - Critical
- February 28, 2025
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
Authentication Bypass Using an Alternate Path or Channel
IBM FlashSystem 5300 USB port bypass leads to data loss
CVE-2024-39723
4.6 - Medium
- July 08, 2024
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
authentification
IBM Storwize Spoof Trusted System Remote Attack (8.6)
CVE-2023-47700
7.5 - High
- February 07, 2024
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.
Improper Certificate Validation
IBM SAN Volume Controller & Storwize 8.3 Default Password for Privileged User
CVE-2023-43042
7.5 - High
- December 14, 2023
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
1393
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Storage Virtualize or by IBM? Click the Watch button to subscribe.
