An issue exists in SoftIron HyperCloud
where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem.

This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

Fri, 29 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285

Mon, 30 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 30 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
Description An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.
Title Authenticated, non-admin users can create storage pools via the sifi API
Weaknesses CWE-269
CWE-400
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:M/U:Green'}


cve-icon MITRE

Status: PUBLISHED

Assigner: SoftIron

Published:

Updated: 2025-08-29T18:46:07.069Z

Reserved: 2024-12-30T21:48:00.482Z

Link: CVE-2024-13058

cve-icon Vulnrichment

Updated: 2024-12-30T23:07:41.064Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-30T22:15:05.957

Modified: 2025-08-29T19:15:33.497

Link: CVE-2024-13058

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:00:46Z