CVE-2021-29873
First published: Tue Oct 12 2021(Updated: )
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Virtualize | >=7.8.0.0<8.4.0.0 | |
| Ibm Spectrum Virtualize For Public Cloud | >=7.8.0.0<8.4.0.0 | |
| Ibm Storwize V3500 Software | >=7.8.0.0<8.4.0.0 | |
| Ibm Storwize V3700 Software | >=7.8.0.0<8.4.0.0 | |
| Ibm Storwize V5000 Software | >=7.8.0.0<8.4.0.0 | |
| Ibm Storwize V5100 Software | >=7.8.0.0<8.4.0.0 | |
| Ibm Storwize V7000 Software | >=7.8.0.0<8.4.0.0 | |
| Ibm San Volume Controller Firmware | >=7.8.0.0<8.4.0.0 | |
| Ibm Flashsystem 9100 Firmware | >=7.8.0.0<8.4.0.0 | |
| Ibm Flashsystem 9100 | ||
| Ibm Flashsystem 9000 Firmware | >=7.8.0.0<8.4.0.0 | |
| Ibm Flashsystem 9000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the ID of this vulnerability?
The ID of this vulnerability is CVE-2021-29873.
What is the severity of CVE-2021-29873?
The severity of CVE-2021-29873 is high with a severity value of 8.8.
How can an attacker exploit CVE-2021-29873?
An authenticated attacker can exploit CVE-2021-29873 to obtain sensitive information and cause a denial of service.
Which IBM products are affected by CVE-2021-29873?
IBM Spectrum Virtualize, IBM Spectrum Virtualize for Public Cloud, IBM Storwize V3500 Software, IBM Storwize V3700 Software, IBM Storwize V5000 Software, IBM Storwize V5100 Software, IBM Storwize V7000 Software, IBM SAN Volume Controller Firmware, IBM Flashsystem 9100 Firmware, and IBM Flashsystem 9000 Firmware are affected by CVE-2021-29873.
Where can I find more information about CVE-2021-29873?
You can find more information about CVE-2021-29873 on the IBM X-Force Exchange website and IBM support pages.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- vendor/ibm
- canonical/ibm spectrum virtualize
- version/ibm spectrum virtualize/7.8.0.0
- canonical/ibm spectrum virtualize for public cloud
- version/ibm spectrum virtualize for public cloud/7.8.0.0
- canonical/ibm storwize v3500 software
- version/ibm storwize v3500 software/7.8.0.0
- canonical/ibm storwize v3700 software
- version/ibm storwize v3700 software/7.8.0.0
- canonical/ibm storwize v5000 software
- version/ibm storwize v5000 software/7.8.0.0
- canonical/ibm storwize v5100 software
- version/ibm storwize v5100 software/7.8.0.0
- canonical/ibm storwize v7000 software
- version/ibm storwize v7000 software/7.8.0.0
- canonical/ibm san volume controller firmware
- version/ibm san volume controller firmware/7.8.0.0
- canonical/ibm flashsystem 9100 firmware
- version/ibm flashsystem 9100 firmware/7.8.0.0
- canonical/ibm flashsystem 9100
- canonical/ibm flashsystem 9000 firmware
- version/ibm flashsystem 9000 firmware/7.8.0.0
- canonical/ibm flashsystem 9000