CVE-2025-36056

Name of the Vulnerable Software and Affected Versions: IBM System Storage Virtualization Engine TS7700 versions 8.54.2.17 through 8.60.0.115 IBM System Storage Virtualization Engine 3948 VED versions 8.54.2.17 through 8.60.0.115 IBM System Storage Virtualization Engine 3948 VEF version 8.60.0.115

Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. The vulnerability is related to cross-site scripting.

Recommendations: For IBM System Storage Virtualization Engine TS7700 versions 8.54.2.17 through 8.60.0.115, restrict access to the Web UI until a patch is available. For IBM System Storage Virtualization Engine 3948 VED versions 8.54.2.17 through 8.60.0.115, consider disabling JavaScript execution in the Web UI as a temporary workaround. For IBM System Storage Virtualization Engine 3948 VEF version 8.60.0.115, avoid using the Web UI for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.