Request a Demo
Rewterz
AsyncRAT – Active IOCs
July 8, 2025
Rewterz
An Emerging Ducktail Infostealer – Active IOCs
July 8, 2025

Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-43190 CVSS:5.9

IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.

CVE-2025-1351 CVSS:6.7

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.

CVE-2025-36014 CVSS:8.2

IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.

Impact

  • Gain Access
  • Security Bypass
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2024-43190

  • CVE-2025-1351

  • CVE-2025-36014

Affected Vendors

  • IBM

Affected Products

  • IBM Engineering Requirements Management DOORS 9.7.2.9
  • IBM Storage Virtualize 8.5.0.0
  • IBM Storage Virtualize 8.5.0.14
  • IBM Storage Virtualize 8.5.1.0
  • IBM Storage Virtualize 8.5.2.0
  • IBM Storage Virtualize 8.5.2.3
  • IBM Storage Virtualize 8.5.3.0
  • IBM Storage Virtualize 8.5.3.1
  • IBM Storage Virtualize 8.5.4.0
  • IBM Storage Virtualize 8.6.0.0
  • IBM Storage Virtualize 8.6.0.7
  • IBM Storage Virtualize 8.6.1.0
  • IBM Storage Virtualize 8.6.2.0
  • IBM Storage Virtualize 8.6.2.1
  • IBM Storage Virtualize 8.6.3.0
  • IBM Storage Virtualize 8.7.0.0
  • IBM Storage Virtualize 8.7.2.0
  • IBM Storage Virtualize 8.7.2.1
  • IBM Storage Virtualize 8.7.3.0
  • IBM Storage Virtualize 8.7.3.1
  • IBM Integration Bus 10.1.0.0
  • IBM Integration Bus 10.1.0.5

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-43190

CVE-2025-1351

CVE-2025-36014