IBM TSSC/TS4500 IMC CVE-2026-5935

| EUVD-2026-25136 HIGH
OS Command Injection (CWE-78)
2026-04-23 [email protected] GHSA-7345-vwm6-q6vg
Command Injection IBM
7.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Apr 23, 2026 - 06:47 vuln.today

DescriptionNVD

IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.

AnalysisAI

Remote code execution in IBM Total Storage Service Console (TSSC) and TS4500 IMC versions 9.2 through 9.6 allows unauthenticated attackers to execute arbitrary commands with normal user privileges via improper input validation. The vulnerability carries a CVSS score of 7.3 with network attack vector and low complexity (AV:N/AC:L/PR:N/UI:N), enabling remote exploitation without authentication. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all IBM TSSC and TS4500 IMC deployments and document current versions in use. Within 7 days: Implement network segmentation to restrict unauthenticated access to affected systems; apply compensating controls (see below). …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-5935 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy