CVE-2026-5935

HIGH

TSSC/IMC is vulnerable to OS Command Injection

Title source: cna

Description

IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7270127

Scores

CVSS v3 7.3

EPSS 0.0006

EPSS Percentile 18.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-78

Status published

Products (1)

IBM/Total Storage Service Console (TSSC) / TS4500 IMC 9.2.0 - 9.6.0

Published Apr 23, 2026

Tracked Since Apr 23, 2026