9.8
CVE-2026-5935
- EPSS 0.34%
- Veröffentlicht 22.04.2026 23:30:08
- Zuletzt bearbeitet 18.05.2026 16:57:24
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
TSSC/IMC is vulnerable to OS Command Injection
IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Total Storage Service Console Version9.2
Ibm ≫ Total Storage Service Console Version9.3
Ibm ≫ Total Storage Service Console Version9.4
Ibm ≫ Total Storage Service Console Version9.5
Ibm ≫ Total Storage Service Console Version9.6
Ibm ≫ Ts4500 Imc Version9.2
Ibm ≫ Ts4500 Imc Version9.3
Ibm ≫ Ts4500 Imc Version9.4
Ibm ≫ Ts4500 Imc Version9.5
Ibm ≫ Ts4500 Imc Version9.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.257 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://www.ibm.com/support/pages/node/7270127