SB2025051926 - Multiple vulnerabilities in IBM Storage Copy Data Management

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025051926

SB2025051926 - Multiple vulnerabilities in IBM Storage Copy Data Management

Published: May 19, 2025

Security Bulletin ID SB2025051926
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2023-34055)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Web Observations. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that application is using Spring MVC or Spring WebFlux and that org.springframework.boot:spring-boot-actuator is on the classpath.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-5007)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to both Spring Security and the Spring Framework rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. A remote attacker can trigger the vulnerability to bypass security restrictions.


Remediation

Install update from vendor's website.

References