CVE-2025-36118
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-12-08
Assigner: IBM Corporation
Description
Description
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | storage_virtualize | 8.4.0.0 |
| ibm | storage_virtualize | 8.5.0.0 |
| ibm | storage_virtualize | 8.7.0.0 |
| ibm | storage_virtualize | 9.1.0.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-244 | Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1 in the IKEv1 implementation. It allows remote attackers to obtain sensitive information from the device memory by sending a Security Association (SA) negotiation request.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can remotely access sensitive information stored in the device memory without authorization, potentially leading to data exposure and compromising confidentiality.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70