Description
An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.
References (1)
Core 1
Core References
Various Sources
https://advisories.softiron.cloud/
Scores
CVSS v4
4.8
EPSS
0.0041
EPSS Percentile
32.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Green
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-269
CWE-285
CWE-400
Status
published
Products (1)
SoftIron/HyperCloud
2.3.0 - 2.5.0
Published
Dec 30, 2024
Tracked Since
Feb 18, 2026