Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Fusion by IBM

    CVE-2025-36222 (GCVE-0-2025-36222)

    Vulnerability from nvd – Published: 2025-09-11 20:44 – Updated: 2026-02-26 17:48
    VLAI
    Title
    IBM Fusion insecure default configuration
    Summary
    IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Insecure Default Initialization of Resource
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7244646 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Fusion Affected: 2.2.0 , ≤ 2.10.1 (semver)
        cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_fusion:2.10.1:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Fusion HCI Affected: 2.2.0 , ≤ 2.10.0 (semver)
        cpe:2.3:a:ibm:storage_fusion_hci:2.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_fusion_hci:2.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Fusion HCI for watsonx Affected: 2.8.2 , ≤ 2.10.0 (semver)
        cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Robert Hotchkiss
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-13T03:55:39.299346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:40.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_fusion:2.10.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.1",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_fusion_hci:2.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_fusion_hci:2.10.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion HCI",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.0",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.10.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion HCI for watsonx",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.0",
                  "status": "affected",
                  "version": "2.8.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Hotchkiss"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."
                }
              ],
              "value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-11T20:44:06.696Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7244646"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProducts\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion range \u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion\u003c/td\u003e\u003ctd\u003e2.2.0 - 2.10.1\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion 2.11.0. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242341\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions..\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion HCI\u003c/td\u003e\u003ctd\u003e2.2.0 - 2.10.0\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion HCI 2.11.0. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion HCI for watsonx\u003c/td\u003e\u003ctd\u003e2.8.2 - 2.10.0\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion HCI for watsonx 2.11.0. See \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now.\n\nProductsVersion range Remediation InstructionsIBM Fusion2.2.0 - 2.10.1Upgrade to IBM Fusion 2.11.0. See the  README https://www.ibm.com/support/pages/node/7242341 \u00a0for instructions..IBM Fusion HCI2.2.0 - 2.10.0Upgrade to IBM Fusion HCI 2.11.0. See the  README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions.IBM Fusion HCI for watsonx2.8.2 - 2.10.0Upgrade to IBM Fusion HCI for watsonx 2.11.0. See  README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Fusion insecure default configuration",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36222",
        "datePublished": "2025-09-11T20:44:06.696Z",
        "dateReserved": "2025-04-15T21:16:41.802Z",
        "dateUpdated": "2026-02-26T17:48:40.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-22315 (GCVE-0-2024-22315)

    Vulnerability from nvd – Published: 2025-01-28 01:50 – Updated: 2025-01-28 15:16
    VLAI
    Title
    IBM Fusion improper communication restriction
    Summary
    IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Fusion Affected: 2.3.0 , ≤ 2.8.2 (semver)
        cpe:2.3:a:ibm:storage_fusion_hci:2.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_fusion_hci:2.8.2:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Fusion HCI Affected: 2.3.0 , ≤ 2.8.2 (semver)
    Create a notification for this product.
    IBM Fusion HCI for watsonx Affected: 2.8.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T14:53:21.791243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T15:16:13.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_fusion_hci:2.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_fusion_hci:2.8.2:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.2",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Fusion HCI",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.2",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Fusion HCI for watsonx",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.8.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
                }
              ],
              "value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-28T01:50:54.965Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179168"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Fusion improper communication restriction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-22315",
        "datePublished": "2025-01-28T01:50:54.965Z",
        "dateReserved": "2024-01-08T23:41:52.508Z",
        "dateUpdated": "2025-01-28T15:16:13.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36222 (GCVE-0-2025-36222)

    Vulnerability from cvelistv5 – Published: 2025-09-11 20:44 – Updated: 2026-02-26 17:48
    VLAI
    Title
    IBM Fusion insecure default configuration
    Summary
    IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Insecure Default Initialization of Resource
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7244646 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Fusion Affected: 2.2.0 , ≤ 2.10.1 (semver)
        cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_fusion:2.10.1:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Fusion HCI Affected: 2.2.0 , ≤ 2.10.0 (semver)
        cpe:2.3:a:ibm:storage_fusion_hci:2.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_fusion_hci:2.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Fusion HCI for watsonx Affected: 2.8.2 , ≤ 2.10.0 (semver)
        cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.10.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Robert Hotchkiss
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-13T03:55:39.299346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:40.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_fusion:2.10.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.1",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_fusion_hci:2.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_fusion_hci:2.10.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion HCI",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.0",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.10.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion HCI for watsonx",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.0",
                  "status": "affected",
                  "version": "2.8.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Hotchkiss"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."
                }
              ],
              "value": "IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-11T20:44:06.696Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7244646"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProducts\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion range \u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion\u003c/td\u003e\u003ctd\u003e2.2.0 - 2.10.1\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion 2.11.0. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242341\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions..\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion HCI\u003c/td\u003e\u003ctd\u003e2.2.0 - 2.10.0\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion HCI 2.11.0. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Fusion HCI for watsonx\u003c/td\u003e\u003ctd\u003e2.8.2 - 2.10.0\u003c/td\u003e\u003ctd\u003eUpgrade to IBM Fusion HCI for watsonx 2.11.0. See \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7242340\"\u003eREADME\u003c/a\u003e\u0026nbsp;for instructions.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability now.\n\nProductsVersion range Remediation InstructionsIBM Fusion2.2.0 - 2.10.1Upgrade to IBM Fusion 2.11.0. See the  README https://www.ibm.com/support/pages/node/7242341 \u00a0for instructions..IBM Fusion HCI2.2.0 - 2.10.0Upgrade to IBM Fusion HCI 2.11.0. See the  README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions.IBM Fusion HCI for watsonx2.8.2 - 2.10.0Upgrade to IBM Fusion HCI for watsonx 2.11.0. See  README https://www.ibm.com/support/pages/node/7242340 \u00a0for instructions."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Fusion insecure default configuration",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36222",
        "datePublished": "2025-09-11T20:44:06.696Z",
        "dateReserved": "2025-04-15T21:16:41.802Z",
        "dateUpdated": "2026-02-26T17:48:40.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-22315 (GCVE-0-2024-22315)

    Vulnerability from cvelistv5 – Published: 2025-01-28 01:50 – Updated: 2025-01-28 15:16
    VLAI
    Title
    IBM Fusion improper communication restriction
    Summary
    IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Fusion Affected: 2.3.0 , ≤ 2.8.2 (semver)
        cpe:2.3:a:ibm:storage_fusion_hci:2.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_fusion_hci:2.8.2:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Fusion HCI Affected: 2.3.0 , ≤ 2.8.2 (semver)
    Create a notification for this product.
    IBM Fusion HCI for watsonx Affected: 2.8.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T14:53:21.791243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T15:16:13.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_fusion_hci:2.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_fusion_hci:2.8.2:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.2",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Fusion HCI",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.2",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Fusion HCI for watsonx",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.8.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
                }
              ],
              "value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-28T01:50:54.965Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7179168"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Fusion improper communication restriction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-22315",
        "datePublished": "2025-01-28T01:50:54.965Z",
        "dateReserved": "2024-01-08T23:41:52.508Z",
        "dateUpdated": "2025-01-28T15:16:13.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }