Denis Ivan

Researcher from Citadelo
#14225 of 53,625
18.9 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2025-9126
9.1
2025-02-28
IBM · IBM FlashSystem · CVE-2025-0159

**Name of the Vulnerable Software and Affected Versions**

- IBM FlashSystem versions 8.5.0.0 through 8.5.0.13
- IBM FlashSystem version 8.5.1.0
- IBM FlashSystem versions 8.5.2.0 through 8.5.2.3
- IBM FlashSystem versions 8.5.3.0 through 8.5.3.1
- IBM FlashSystem version 8.5.4.0
- IBM FlashSystem versions 8.6.0.0 through 8.6.0.5
- IBM FlashSystem version 8.6.1.0
- IBM FlashSystem versions 8.6.2.0 through 8.6.2.1
- IBM FlashSystem version 8.6.3.0
- IBM FlashSystem versions 8.7.0.0 through 8.7.0.2
- IBM FlashSystem version 8.7.1.0
- IBM FlashSystem versions 8.7.2.0 through 8.7.2.1

**Description**

The issue allows a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. This could potentially affect a large number of devices worldwide, although the exact number is not specified. There is no information provided about real-world incidents where this issue was exploited.

**Recommendations**

- Update to version 8.5.0.14 to resolve the issue for versions 8.5.0.0 through 8.5.0.13.
- Update to version 8.5.1.1 to resolve the issue for version 8.5.1.0.
- Update to version 8.5.2.5 to resolve the issue for versions 8.5.2.0 through 8.5.2.3.
- Update to version 8.5.3.2 to resolve the issue for versions 8.5.3.0 through 8.5.3.1.
- Update to version 8.5.4.1 to resolve the issue for version 8.5.4.0.
- Update to version 8.6.0.6 to resolve the issue for versions 8.6.0.0 through 8.6.0.5.
- Update to version 8.6.1.1 to resolve the issue for version 8.6.1.0.
- Update to version 8.6.2.2 to resolve the issue for versions 8.6.2.0 through 8.6.2.1.
- Update to version 8.6.3.1 to resolve the issue for version 8.6.3.0.
- Update to a version later than 8.7.2.1 to resolve the issue for versions 8.7.0.0 through 8.7.0.2, 8.7.1.0, and 8.7.2.0 through 8.7.2.1.
PT-2025-9127
9.8
2025-02-28
IBM · IBM FlashSystem · CVE-2025-0160

**Name of the Vulnerable Software and Affected Versions**

- IBM FlashSystem versions 8.5.0.0 through 8.5.0.13
- IBM FlashSystem version 8.5.1.0
- IBM FlashSystem versions 8.5.2.0 through 8.5.2.3
- IBM FlashSystem versions 8.5.3.0 through 8.5.3.1
- IBM FlashSystem version 8.5.4.0
- IBM FlashSystem versions 8.6.0.0 through 8.6.0.5
- IBM FlashSystem version 8.6.1.0
- IBM FlashSystem versions 8.6.2.0 through 8.6.2.1
- IBM FlashSystem version 8.6.3.0
- IBM FlashSystem versions 8.7.0.0 through 8.7.0.2
- IBM FlashSystem version 8.7.1.0
- IBM FlashSystem versions 8.7.2.0 through 8.7.2.1

**Description**

The issue is related to improper restrictions in the RPCAdapter service, which could allow a remote attacker with access to the system to execute arbitrary Java code.

**Recommendations**

Consider restricting access to the RPCAdapter service until a patch is available. This recommendation is given for each of the following:

- Versions 8.5.0.0 through 8.5.0.13
- Version 8.5.1.0
- Versions 8.5.2.0 through 8.5.2.3
- Versions 8.5.3.0 through 8.5.3.1
- Version 8.5.4.0
- Versions 8.6.0.0 through 8.6.0.5
- Version 8.6.1.0
- Versions 8.6.2.0 through 8.6.2.1
- Version 8.6.3.0
- Versions 8.7.0.0 through 8.7.0.2
- Version 8.7.1.0
- Versions 8.7.2.0 through 8.7.2.1