PT-2025-27494 · Ibm · Ibm System Storage Virtualization Engine Ts7700
Published
2025-06-30
·
Updated
2025-09-30
·
CVE-2025-2141
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
IBM System Storage Virtualization Engine TS7700 versions 3957 VED R5.4 8.54.2.17 through R6.0 8.60.0.115
IBM System Storage Virtualization Engine TS7700 versions 3948 VED R5.4 8.54.2.17 through R6.0 8.60.0.115
IBM System Storage Virtualization Engine TS7700 version 3948 VEF R6.0 8.60.0.115
Description:
This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. The vulnerability enables cross-site scripting attacks.
Recommendations:
For IBM System Storage Virtualization Engine TS7700 versions 3957 VED R5.4 8.54.2.17 through R6.0 8.60.0.115, update to a version that includes the fix for this issue.
For IBM System Storage Virtualization Engine TS7700 versions 3948 VED R5.4 8.54.2.17 through R6.0 8.60.0.115, update to a version that includes the fix for this issue.
For IBM System Storage Virtualization Engine TS7700 version 3948 VEF R6.0 8.60.0.115, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm System Storage Virtualization Engine Ts7700