Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-5935— TSSC/IMC is vulnerable to OS Command Injection

CVSS 7.3 · High EPSS 0.06% · P19
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-5935

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
TSSC/IMC is vulnerable to OS Command Injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM Total Storage Service Console / TS4500 IMC 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM Total Storage Service Console / TS4500 IMC是美国国际商业机器(IBM)公司的一个用于存储系统监控、配置与维护管理的服务控制台软件。 IBM Total Storage Service Console / TS4500 IMC 9.2版本、9.3版本、9.4版本、9.5版本和9.6版本存在操作系统命令注入漏洞,该漏洞源于对用户输入验证不当,可能导致未经身份验证的攻击者以普通用户权限执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
IBMTotal Storage Service Console (TSSC) / TS4500 IMC 9.2.0 ~ 9.6.0 cpe:2.3:a:ibm:total_storage_service_console_tssc__ts4500_imc:9.2:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-5935

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-5935

Please Login to view more intelligence information

Same Patch Batch · IBM · 2026-04-22 · 11 CVEs total

CVE-2026-36217.5 HIGHIBM WebSphere Application Server Liberty is affected by identity spoofing
CVE-2026-59266.5 MEDIUMSecurity vulnerabilities have been found in IBM Verify Identity Access and IBM Security Ve
CVE-2026-13526.5 MEDIUMIBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafte
CVE-2025-360745.5 MEDIUMSecurity vulnerability has been detected in IBM Security Verify Directory
CVE-2026-49185.5 MEDIUMIBM Guardium Data Protection is affected by multiple vulnerabilities
CVE-2026-12744.9 MEDIUMIBM Guardium Data Protection is affected by multiple vulnerabilities
CVE-2026-49174.9 MEDIUMIBM Guardium Data Protection is affected by multiple vulnerabilities
CVE-2026-49194.8 MEDIUMIBM Guardium Data Protection is affected by multiple vulnerabilities
CVE-2026-12722.7 LOWIBM Guardium Data Protection is affected by multiple vulnerabilities
CVE-2026-1726Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager

IV. Related Vulnerabilities

Same vendor: IBM
Same weakness: CWE-78

V. Comments for CVE-2026-5935

No comments yet

Leave a comment