IBM Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-55898
IBM i Version: 7.5
IBM i Version: 7.4
IBM i Version: 7.3
IBM i Version: 7.2
CVE-2025-0975
IBM MQ Appliance Version: 9.3 LTS
IBM MQ Appliance Version: 9.3 CD
IBM MQ Appliance Version: 9.4 LTS
IBM MQ Appliance Version: 9.4 CD
CVE-2025-0159, CVE-2025-0160
IBM Storage Virtualize versions: 8.5.0.0 through 8.5.0.13 (inclusive)
IBM Storage Virtualize versions: 8.5.1.0, 8.5.2.0 through 8.5.2.3 (inclusive), 8.5.3.0 through 8.5.3.1 (inclusive), 8.5.4.0, 8.6.0.0 through 8.6.0.5 (inclusive)
IBM Storage Virtualize versions: 8.6.1.0, 8.6.2.0 through 8.6.2.1 (inclusive), 8.6.3.0, 8.7.0.0 through 8.7.0.2 (inclusive)
IBM Storage Virtualize versions: 8.7.1.0, 8.7.2.0 through 8.7.2.1 (inclusive)
Resolved Vulnerabilities
Vulnerability that could allow privilege escalation due to an unqualified library call (CVE-2024-55898)
Vulnerability that could allow authenticated users to execute code due to improper neutralization of escape characters (CVE-2025-0975)
Vulnerability that could allow authentication on RPCAdapter endpoints to be bypassed via crafted HTTP requests (CVE-2025-0159)
Improper restriction of the RPCAdapter service could allow remote attackers to execute arbitrary Java code (CVE-2025-0160)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-55898, CVE-2025-0975
Please refer to the referenced sites below to update to the latest versions: [1] [2]
CVE-2025-0159, CVE-2025-0160
IBM Storage Virtualize version: 8.5.0.14
IBM Storage Virtualize version: 8.6.0.6
IBM Storage Virtualize version: 8.7.0.3
IBM Storage Virtualize version: 8.7.2.2
References
[1] Security Bulletin: IBM i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2024-55898].
https://www.ibm.com/support/pages/node/7183835
[2] Security Bulletin: IBM MQ Appliance Console is affected by code injection vulnerability (CVE-2025-0975)
https://www.ibm.com/support/pages/node/7183467
[3] Security Bulletin: Vulnerabilities in the GUI affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
https://www.ibm.com/support/pages/node/7184182