Description
IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.
Published: 2026-04-22
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: OS Command Injection (Remote Code Execution)
Action: Patch Now
AI Analysis

Impact

A flaw in IBM Total Storage Service Console (TSSC) / TS4500 IMC allows an unauthenticated user to inject operating system commands, enabling execution of arbitrary commands with the privileges of the normal user context. This vulnerability is categorized as CWE‑78 and can grant an attacker unauthorized command execution on the affected system.

Affected Systems

IBM Total Storage Service Console (TSSC) / TS4500 IMC versions 9.2, 9.3, 9.4, 9.5, and 9.6 are impacted. The fix is available in version 9.4.31 for the 9.4.x line and version 9.6.15 for the 9.6.x line. Earlier releases without these updates remain vulnerable.

Risk and Exploitability

The CVSS score of 7.3 indicates a high-severity risk. Although the EPSS score is below 1%, suggesting low probability of exploitation at the time of this assessment, the vulnerability is not listed in the CISA KEV catalog. It is likely exploitable via the management or web interface of TSSC/IMC, whereby an unauthenticated connections can trigger the command injection. The impact is the unauthorized execution of system commands, potentially leading to further compromise or denial of service.

Generated by OpenCVE AI on April 28, 2026 at 15:14 UTC.

Remediation

Vendor Solution

Affected Product(s)Version(s)Remediation/Fix/InstructionsTotal Storage Service Console (TSSC) / TS4500 IMC9.4.14, 9.4.21, 9.4.26, 9.6.10, 9.5.8,Upgrade to 9.4.31/9.6.15 Download patch 9.X.X_FixOSCommandInjection_2026-04-06 or 9.X.X_FixOSCommandInjection_2026-04-06 and execute on TSSC/IMC system. Please see instructions below. Total Storage Service Console (TSSC) / TS4500 IMC9.4.31,  9.6.15Download patch 9.X.X_FixOSCommandInjection_2026-04-06 or 9.X.X_FixOSCommandInjection_2026-04-06 and execute on TSSC/IMC system. Please see instructions below. For information on how to download the patch please refer to the following page:  Available Updates https://www.ibm.com/docs/en/tssc

OpenCVE Recommended Actions

  • Download and install the IBM patch 9.X.X_FixOSCommandInjection_2026-04-06 for the affected TSSC/IMC system
  • Upgrade the TSSC/IMC to the fixed versions 9.4.31 (for 9.4.x) or 9.6.15 (for 9.6.x)
  • Check the IBM update portal and apply any additional updates recommended by IBM for the TSSC/IMC product

Generated by OpenCVE AI on April 28, 2026 at 15:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Ibm total Storage Service Console
Ibm ts4500 Imc
CPEs cpe:2.3:a:ibm:total_storage_service_console:9.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:total_storage_service_console:9.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:total_storage_service_console:9.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:total_storage_service_console:9.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:total_storage_service_console:9.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ts4500_imc:9.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ts4500_imc:9.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ts4500_imc:9.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ts4500_imc:9.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:ts4500_imc:9.6:*:*:*:*:*:*:*
Vendors & Products Ibm total Storage Service Console
Ibm ts4500 Imc

Thu, 23 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.
Title TSSC/IMC is vulnerable to OS Command Injection
First Time appeared Ibm
Ibm total Storage Service Console Tssc Ts4500 Imc
Weaknesses CWE-78
CPEs cpe:2.3:a:ibm:total_storage_service_console_tssc__ts4500_imc:9.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:total_storage_service_console_tssc__ts4500_imc:9.2:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm total Storage Service Console Tssc Ts4500 Imc
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Ibm Total Storage Service Console Total Storage Service Console Tssc Ts4500 Imc Ts4500 Imc
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-04-23T13:57:14.969Z

Reserved: 2026-04-09T00:42:21.168Z

Link: CVE-2026-5935

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-23T00:16:46.900

Modified: 2026-05-18T16:57:24.933

Link: CVE-2026-5935

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T15:15:34Z

Weaknesses